Internet Engineering Task Force                                 J. Bound
INTERNET DRAFT                                                    Compaq
DHC Working Group                                              M. Carney
Obsoletes:  draft-ietf-dhc-dhcpv6-18.txt  draft-ietf-dhc-dhcpv6-19.txt           Sun Microsystems, Inc
                                                              C. Perkins
                                                   Nokia Research Center
                                                           R. Droms(ed.)
                                                           Cisco Systems
                                                            30 June
                                                             15 Oct 2001

         Dynamic Host Configuration Protocol for IPv6 (DHCPv6)
                      draft-ietf-dhc-dhcpv6-19.txt
                      draft-ietf-dhc-dhcpv6-20.txt

Status of This Memo

   This document is a submission by the Dynamic Host Configuration
   Working Group of the Internet Engineering Task Force (IETF). Comments
   should be submitted to the dhcp-v6@bucknell.edu dhcwg@ietf.org mailing list.

   Distribution of this memo is unlimited.

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026.  Internet-Drafts are working
   documents of the Internet Engineering Task Force (IETF), its areas,
   and its working groups.  Note that other groups may also distribute
   working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at
   any time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

    The list of current Internet-Drafts can be accessed at:
         http://www.ietf.org/ietf/1id-abstracts.txt
    The list of Internet-Draft Shadow Directories can be accessed at:
         http://www.ietf.org/shadow.html.

Abstract

   The Dynamic Host Configuration Protocol for IPv6 (DHCP) enables
   DHCP servers to pass configuration parameters such as IPv6 network
   addresses to IPv6 nodes.  It offers the capability of automatic
   allocation of reusable network addresses and additional configuration
   flexibility.  This protocol is a stateful counterpart to "IPv6
   Stateless Address Autoconfiguration" [20], and can be used separately
   or concurrently with the latter to obtain configuration parameters.

                                Contents

Status of This Memo                                                    i

Abstract                                                               i

 1. Introduction                                                       1

 2. Requirements                                                       1

 3. Background                                                         1

 4. Design Goals                                                       3                                                       2

 5. Non-Goals                                                          3

 6. Terminology                                                        4                                                        3
     6.1. IPv6 Terminology  . . . . . . . . . . . . . . . . . . . .    4    3
     6.2. DHCP Terminology  . . . . . . . . . . . . . . . . . . . .    5

 7. DHCP Constants                                                     6
     7.1. Multicast Addresses . . . . . . . . . . . . . . . . . . .    6
     7.2. UDP ports . . . . . . . . . . . . . . . . . . . . . . . .    7    6
     7.3. DHCP message types  . . . . . . . . . . . . . . . . . . .    7
     7.4. Error Values Status Codes  . . . . . . . . . . . . . . . . . . . . . .    9    8
           7.4.1. Generic Error Values Status Codes  . . . . . . . . . . . . . .    9
           7.4.2. Server-specific Error Values Status Codes  . . . . . . . . . .    9
     7.5. Configuration Variables . . . . . . . . . . . . . . . . .    9

 8. Overview                                                          10
     8.1. How does a node know to use DHCP? . . . . . . . . . . . .   10
     8.2. What if the client and server(s) are on different links?   10
     8.3. How does a client request configuration parameters from
             servers? . . . . . . . . . . . . . . . . . . . . . . .   11
     8.4. How do clients and servers identify and manage addresses?   11
     8.5. Can a client release its assigned addresses before the lease
             expires? . . . . . . . . . . . . . . . . . . . . . . .   12
     8.6. What if the client determines one or more of its assigned
             addresses are already being used by another client?  .   12
     8.7. How are clients notified of server configuration changes?   12

 9.

 8. Message Formats                                                   12
     9.1.                                                   10
     8.1. DHCP Solicit Message Format . . . . . . . . . . . . . . .   13
     9.2.   11
     8.2. DHCP Advertise Message Format . . . . . . . . . . . . . .   13
     9.3.   11
     8.3. DHCP Request Message Format . . . . . . . . . . . . . . .   14
     9.4.   12
     8.4. DHCP Confirm Message Format . . . . . . . . . . . . . . .   14
     9.5.   12
     8.5. DHCP Renew Message Format . . . . . . . . . . . . . . . .   15
     9.6.   12
     8.6. DHCP Rebind Message Format  . . . . . . . . . . . . . . .   15
     9.7.   12
     8.7. DHCP Reply Message Format . . . . . . . . . . . . . . . .   15
     9.8.   13
     8.8. DHCP Release Message Format . . . . . . . . . . . . . . .   16
     9.9.   13
     8.9. DHCP Decline Message Format . . . . . . . . . . . . . . .   16
    9.10.   13
    8.10. DHCP Reconfigure-init Message Format  . . . . . . . . . .   17

10.   13

 9. Relay messages                                                    17
    10.1.                                                    14
     9.1. Relay-forward message . . . . . . . . . . . . . . . . . .   17
    10.2.   14
     9.2. Relay-reply message . . . . . . . . . . . . . . . . . . .   18

11.   15

10. DHCP unique identifier (DUID)                                     18

12. Identity association                                              18

13. DHCP Server Solicitation                                          19
    13.1. Solicit Message Validation                                     15
    10.1. DUID contents . . . . . . . . . . . . . . .   19
    13.2. Advertise Message Validation . . . . . . .   15
    10.2. DUID based on link-layer address plus time  . . . . . . .   19
    13.3. Client Behavior   16
    10.3. Vendor-assigned unique ID.  . . . . . . . . . . . . . . .   17
    10.4. Link-layer address  . . . . . .   19
          13.3.1. Creation and sending of the Solicit message . . .   19
          13.3.2. Time out and retransmission of Solicit Messages .   20
          13.3.3. Receipt of Advertise messages . . . . . . . . . .   17

11. Identity association                                              18

12. Selecting addresses for assignment to an IA                       18

13. Reliability of Client Initiated Message Exchanges                 19

14. Message validation                                                20
    13.4. Server Behavior
    14.1. Use of Transaction-ID field . . . . . . . . . . . . . . .   21
    14.2. Solicit message . . . . . . .   21
          13.4.1. Receipt of Solicit messages . . . . . . . . . . .   21
          13.4.2. Creation and sending of Advertise messages . . .   21

14. DHCP Client-Initiated Configuration Exchange                      22
    14.1. Client Message Validation
    14.3. Advertise message . . . . . . . . . . . . . . . .   23
    14.2. Server Message Validation . . . .   21
    14.4. Request message . . . . . . . . . . . .   23
    14.3. Client Behavior . . . . . . . . .   21
    14.5. Confirm message . . . . . . . . . . . .   24
          14.3.1. Creation and sending of Request messages . . . .   24
          14.3.2. Creation and sending of Confirm messages . . . .   25
          14.3.3. Creation and sending of .   21
    14.6. Renew messages message . . . . .   26
          14.3.4. Creation and sending of Rebind messages . . . . .   27
          14.3.5. Receipt of Reply message in response to a Request,
                          Confirm, Renew or Rebind message . . . . .  28
          14.3.6. Creation and sending of Release messages . . . .   29
          14.3.7. Time out and retransmission of Release Messages .   30
          14.3.8. Receipt of Reply message in response to a Release
                          message . .   21
    14.7. Rebind message  . . . . . . . . . . . . . . .  30
          14.3.9. Creation and sending of Decline messages . . . .   30
         14.3.10. Time out and retransmission of Decline Messages .   31
         14.3.11. Receipt of Reply message in response to a Release
                          message .   22
    14.8. Decline messages  . . . . . . . . . . . . . . . .  31
    14.4. Server Behavior . . . .   22
    14.9. Release message . . . . . . . . . . . . . . . . .   31
          14.4.1. Receipt of Request messages . . . .   22
   14.10. Reply message . . . . . . .   32
          14.4.2. Receipt of Confirm messages . . . . . . . . . . .   32
          14.4.3. Receipt of Renew messages . . . .   22
   14.11. Reconfigure-init message  . . . . . . . .   33
          14.4.4. Receipt of Rebind messages . . . . . . . .   22
   14.12. Relay-forward message . . .   34
          14.4.5. Receipt of Release messages . . . . . . . . . . .   35
          14.4.6. Sending of Reply messages . . . .   23
   14.13. Relay-reply message . . . . . . . .   36

15. DHCP Server-Initiated Configuration Exchange                      36
    15.1. Reconfigure-init Message Validation . . . . . . . . . . .   36
    15.2.   23

15. DHCP Server Solicitation                                          23
    15.1. Client Behavior . . . . . . . . . . . . . . . . . . . . .   36
          15.2.1.   23
          15.1.1. Creation and sending of Reconfigure-init messages   36
          15.2.2. Time out and retransmission of Reconfigure-init Solicit messages  . . . . . . . . . .   23
          15.1.2. Transmission of Solicit Messages  . . . . . . . .  37
          15.2.3.   23
          15.1.3. Receipt of Request Advertise messages . . . . . . . . . . .   37
    15.3. Client   25
    15.2. Server Behavior . . . . . . . . . . . . . . . . . . . . .   38
          15.3.1.   25
          15.2.1. Receipt of Reconfigure-init Solicit messages . . . . . .   38
          15.3.2. . . . . .   25
          15.2.2. Creation and sending transmission of Request Advertise messages .   26

16. DHCP Client-Initiated Configuration Exchange                      26
    16.1. Client Behavior . . .   39
          15.3.3. Time out and retransmission of Request messages .   39
          15.3.4. Receipt of Reply messages . . . . . . . . . . . .   39

16. Relay Behavior                                                    39
    16.1. Relaying . . . . .   27
          16.1.1. Creation and transmission of client Request messages . .   27
          16.1.2. Creation and transmission of Confirm messages . .   28
          16.1.3. Creation and transmission of Renew messages . . .   29
          16.1.4. Creation and transmission of Rebind messages  . .   31
          16.1.5. Receipt of Reply message in response to a Request,
                          Confirm, Renew or Rebind message . . . . . .   39
    16.2. Relaying  32
          16.1.6. Creation and transmission of server Release messages . .   33
          16.1.7. Receipt of Reply message in response to a Release
                          message  . . . . . . . . . . . . . . .   40

17. Authentication . .  35
          16.1.8. Creation and transmission of DHCP Decline messages                                   40
    17.1. DHCP threat model . . .   35
          16.1.9. Receipt of Reply message in response to a Decline
                          message  . . . . . . . . . . . . . . . . .   40
    17.2. Summary of DHCP authentication  36
    16.2. Server Behavior . . . . . . . . . . . . .   41
    17.3. Replay detection . . . . . . . .   36
          16.2.1. Receipt of Request messages . . . . . . . . . . .   36
          16.2.2. Receipt of Confirm messages .   41
    17.4. Configuration token protocol . . . . . . . . . .   37
          16.2.3. Receipt of Renew messages . . . .   42
    17.5. Delayed authentication protocol . . . . . . . .   38
          16.2.4. Receipt of Rebind messages  . . . . .   42
          17.5.1. Management issues in the delayed authentication
                          protocol . . . . . .   39
          16.2.5. Receipt of Release messages . . . . . . . . . . .  42
          17.5.2. Use   40
          16.2.6. Receipt of the Authentication option in the delayed
                          authentication protocol Decline messages . . . . . . . . .  43
          17.5.3. Message validation . .   40
          16.2.7. Sending of Reply messages . . . . . . . . . . . .   41

17. DHCP Server-Initiated Configuration Exchange                      41
    17.1. Server Behavior .   44
          17.5.4. Key utilization . . . . . . . . . . . . . . . . .   44
          17.5.5. Client considerations for delayed authentication
                          protocol . . .   41
          17.1.1. Creation and transmission of Reconfigure-init
                          messages . . . . . . . . . . . . . .  44
          17.5.6. Receiving Advertise messages . . .  41
          17.1.2. Time out and retransmission of Reconfigure-init
                          messages . . . . . . .   45
          17.5.7. Server considerations for delayed authentication
                          protocol . . . . . . . . . .  42
          17.1.3. Receipt of Request messages . . . . . . .  46

18. DHCP options                                                      46
    18.1. Format of DHCP options . . . .   42
    17.2. Client Behavior . . . . . . . . . . . . .   47
    18.2. DHCP unique identifier option . . . . . . . .   43
          17.2.1. Receipt of Reconfigure-init messages  . . . . . .   47
    18.3. Identity association option   43
          17.2.2. Creation and sending of Request messages  . . . .   44
          17.2.3. Time out and retransmission of Request messages .   44
          17.2.4. Receipt of Reply messages . . . . . . . . . . . .   47
    18.4. Option request option   44

18. Relay Behavior                                                    44
    18.1. Relaying of client messages . . . . . . . . . . . . . . .   45
    18.2. Relaying of server messages . . .   50
    18.5. Client message option . . . . . . . . . . . .   45

19. Authentication of DHCP messages                                   45
    19.1. DHCP threat model . . . . . .   50
    18.6. Server message option . . . . . . . . . . . . . .   46
    19.2. Security of messages sent between servers and relay agents  46
    19.3. Summary of DHCP authentication  . . . .   51
    18.7. Retransmission parameter option . . . . . . . . .   46
    19.4. Replay detection  . . . .   51
    18.8. DSTM Global IPv4 Address Option . . . . . . . . . . . . .   51
    18.9. Authentication option . . .   47
    19.5. Configuration token protocol  . . . . . . . . . . . . . .   47
    19.6. Delayed authentication protocol .   52
   18.10. Server unicast option . . . . . . . . . . . .   48
          19.6.1. Management issues in the delayed authentication
                          protocol . . . . . .   53
   18.11. Domain Search Option . . . . . . . . . . .  48
          19.6.2. Use of the Authentication option in the delayed
                          authentication protocol  . . . . . . .   53
   18.12. Domain Name Server Option . .  48
          19.6.3. Message validation  . . . . . . . . . . . . . .   54

19. DHCP Client Implementor Notes                                     55
    19.1. Primary Interface .   49
          19.6.4. Key utilization . . . . . . . . . . . . . . . . .   49
          19.6.5. Client considerations for delayed authentication
                          protocol . .   55
    19.2. Advertise Message and Configuration Parameter Caching . .   55
    19.3. Time out and retransmission variables . . . . . . . . . .   55
    19.4. Server Preference . . .  50
          19.6.6. Server considerations for delayed authentication
                          protocol . . . . . . . . . . . . . . . . .   56  51

20. DHCP Server Implementor Notes                                     56 options                                                      52
    20.1. Client Bindings Format of DHCP options  . . . . . . . . . . . . . . . . .   52
    20.2. DHCP unique identifier option . . . .   56
    20.2. Reconfigure-init Considerations . . . . . . . . . . . . .   56   53
    20.3. Server Preference . . . . . Identity association option . . . . . . . . . . . . . . .   56   53
    20.4. Request Message Transaction-ID Cache  . . . . . . . Option request option . . .   57

21. DHCP Relay Implementor Notes                                      57

22. Security                                                          57

23. Year 2000 considerations                                          57

24. IANA Considerations                                               57
    24.1. DHCPv6 options . . . . . . . . . . . . . . .   56
    20.5. Preference option . . . . . .   57
    24.2. Multicast addresses . . . . . . . . . . . . . .   56
    20.6. Elapsed Time  . . . . .   58
    24.3. Status codes . . . . . . . . . . . . . . . . .   57
    20.7. Client message option . . . . .   58
    24.4. Retransmission parameter option . . . . . . . . . . . . .   58
    24.5. Authentication   57
    20.8. Server message option . . . . . . . . . . . . . . . . . .   58

25. Acknowledgments                                                   59

 A. Comparison between DHCPv4 and DHCPv6                              59

 B. Full Copyright Statement                                          61

 C. Changes in this draft                                             61
     C.1. Reconfigure-init  . . . . . . .
    20.9. DSTM Global IPv4 Address Option . . . . . . . . . . . . .   62
     C.2.   58
   20.10. Authentication option . . . . . . . . . . . . . . . . . . . . .   62
     C.3. Confirm message .   59
   20.11. Server unicast option . . . . . . . . . . . . . . . . . .   60
   20.12. Domain Search Option  . .   62
     C.4. Failure of Rebind message . . . . . . . . . . . . . . . .   63
     C.5.   60
   20.13. Domain Name Server behavior in response to Release message  . . . . .   63
     C.6. Client behavior when sending a Release message  . . . . .   63
     C.7. IA option . . . Option . . . . . . . . . . . . . . . .   61
   20.14. Status Code Option  . . . . .   63
     C.8. DSTM option . . . . . . . . . . . . . .   61
   20.15. Circuit-ID Option . . . . . . . . .   63
     C.9. Server unicast option . . . . . . . . . . .   62
   20.16. User Class Option . . . . . . .   64
    C.10. Domain search option . . . . . . . . . . . . .   63
   20.17. Vendor Class Option . . . . .   64
    C.11. DNS servers option . . . . . . . . . . . . . .   63

21. Security Considerations                                           65

22. Year 2000 considerations                                          65

23. IANA Considerations                                               65
    23.1. Multicast addresses . . . . .   64
    C.12. DUID and IAID . . . . . . . . . . . . . .   65
    23.2. DHCPv6 message types  . . . . . . . .   64
    C.13. Continuing to poll with Solicit . . . . . . . . . .   65
    23.3. DUID  . . .   64
    C.14. Using DHCPv6 without address assignment . . . . . . . . .   64
    C.15. Potential crossing in flight of Request and Reconfigure-init
             messages . . . . . . . . . . . . . .   65
    23.4. DHCPv6 options  . . . . . . . . .   64

 D. Open Issues for Working Group Discussion                          64
     D.1. Generation and use of DUID and IAID . . . . . . . . . . .   65
     D.2. Address registration .   66
    23.5. Status codes  . . . . . . . . . . . . . . . . .   65
     D.3. Prefix advertisement . . . . .   66
    23.6. Authentication option . . . . . . . . . . . . .   65
     D.4. DHCP-DNS interaction . . . . . . . . . . . . . . . . . .   65
     D.5. Use of term "agent" . . . . . . . . . . . . . . . . . . .   65
     D.6. Additional options  . . . . . . . . . . . . . . . . . . .   65
     D.7. Operational parameters  . . . . . . . . . . . . . . . . .   65   66

24. Acknowledgments                                                   66

 A. Comparison between DHCPv4 and DHCPv6                              67

 B. Full Copyright Statement                                          69

References                                                            69

Chair's Address                                                       68

Author's Address                                                      68                                                       71

Authors' Addresses                                                    71

1. Introduction

   This document describes DHCP for IPv6 (DHCP), a UDP [18]
   client/server protocol designed to reduce the cost of management
   of IPv6 nodes in environments where network managers require more
   control over the allocation of IPv6 addresses and configuration
   of network stack parameters than that offered by "IPv6 Stateless
   Address Autoconfiguration" [20].  DHCP is a stateful counterpart to
   stateless autoconfiguration.  Note that both stateful and stateless
   autoconfiguration can be used concurrently in the same environment,
   leveraging the strengths of both mechanisms in order to reduce the
   cost of ownership and management of network nodes.

   DHCP reduces the cost of ownership by centralizing the management
   of network resources such as IP addresses, routing information, OS
   installation information, directory service information, and other
   such information on a few DHCP servers, rather than distributing such
   information in local configuration files among each network node.
   DHCP is designed to be easily extended to carry new configuration
   parameters through the addition of new DHCP "options" defined to
   carry this information.

   Those readers familiar with DHCP for IPv4 [7] will find DHCP for IPv6
   provides a superset of features, and benefits from the additional
   features of IPv6 and freedom from BOOTP [5]-backward the constraints of backward
   compatibility
   constraints. with BOOTP [5].  For more information about the
   differences between DHCP for IPv6 and DHCP for IPv4, see Appendix A.

2. Requirements

   The keywords MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD,
   SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL, when they appear in this
   document, are to be interpreted as described in [3].

   This document also makes use of internal conceptual variables
   to describe protocol behavior and external variables that an
   implementation must allow system administrators to change.  The
   specific variable names, how their values change, and how their
   settings influence protocol behavior are provided to demonstrate
   protocol behavior.  An implementation is not required to have them in
   the exact form described here, so long as its external behavior is
   consistent with that described in this document.

3. Background

   The IPv6 Specification provides the base architecture and design of
   IPv6.  Related work in IPv6 that would best serve an implementor
   to study is the IPv6 Specification [6], the IPv6 Addressing
   Architecture [9], IPv6 Stateless Address Autoconfiguration [20], IPv6
   Neighbor Discovery Processing [16], and Dynamic Updates to DNS [22].
   These specifications enable DHCP to build upon the IPv6 work to
   provide both robust stateful autoconfiguration and autoregistration
   of DNS Host Names.

   The IPv6 Specification provides Addressing Architecture specification [9] defines the base architecture and design of
   IPv6.  A key point for DHCP implementors to understand is that IPv6
   requires
   address scope that every link can be used in the Internet have an MTU IPv6 implementation, and the
   various configuration architecture guidelines for network designers
   of 1280 octets
   or greater (in IPv4 the requirement IPv6 address space.  Two advantages of IPv6 are that support
   for multicast is 68 octets). required, and nodes can create link-local addresses
   during initialization.  This means that a UDP packet of 536 octets will always pass through an internetwork
   (less 40 octets for the IPv6 header), as long as there are no IP
   options prior client can immediately use
   its link-local address and a well-known multicast address to begin
   communications to discover neighbors on the UDP header in the packet.  But, IPv6 does not
   support fragmentation at routers, so that fragmentation takes place
   end-to-end between hosts.  If link.  For instance, a DHCP implementation needs to send a
   packet greater than 1500 octets it can either fragment the UDP packet
   into fragments of 1500 octets or less, or use Path MTU Discovery [11]
   to determine the size of the packet that will traverse a network
   path.

   DHCP clients use Path MTU discovery when they have an address of
   sufficient scope to reach the DHCP server.  If a DHCP client does not
   have such an address, that client MUST fragment its packets if the
   resultant message size is greater than the minimum 1280 octets.

   Path MTU Discovery for IPv6 is supported for both UDP and TCP and
   can cause end-to-end fragmentation when the PMTU changes for a
   destination.

   The IPv6 Addressing Architecture specification [9] defines the
   address scope that can be used in an IPv6 implementation, and the
   various configuration architecture guidelines for network designers
   of the IPv6 address space.  Two advantages of IPv6 are that support
   for multicast is required, and nodes can create link-local addresses
   during initialization.  This means that a client can immediately use
   its link-local address and a well-known multicast address to begin
   communications to discover neighbors on the link.  For instance, a
   client can
   client can send a Solicit message and locate a server or relay.

   IPv6 Stateless Address Autoconfiguration [20] (Addrconf) specifies procedures
   by which a node may autoconfigure addresses based on router
   advertisements [16], and the use of a valid lifetime to support
   renumbering of addresses on the Internet.  In addition the
   protocol interaction by which a node begins stateless or stateful
   autoconfiguration is specified.  DHCP is one vehicle to perform
   stateful autoconfiguration.  Compatibility with addrconf stateless address
   autoconfiguration is a design requirement of DHCP (see Section 4).

   IPv6 Neighbor Discovery [16] is the node discovery protocol in IPv6
   which replaces and enhances functions of ARP [17].  To understand
   IPv6 and Addrconf stateless address autoconfiguration it is strongly
   recommended that implementors understand IPv6 Neighbor Discovery.

   Dynamic Updates to DNS [22] is a specification that supports the
   dynamic update of DNS records for both IPv4 and IPv6.  DHCP can use
   the dynamic updates to DNS to integrate addresses and name space to
   not only support autoconfiguration, but also autoregistration in
   IPv6.

4. Design Goals

    -  DHCP is a mechanism rather than a policy.  Network administrators
       set their administrative policies through the configuration
       parameters they place upon the DHCP servers in the DHCP domain
       they're managing.  DHCP is simply used to deliver parameters
       according to that policy to each of the DHCP clients within the
       domain.

    -  DHCP is compatible with IPv6 stateless autoconf [20]. address
       autoconfiguration [20], statically configured, non-participating
       nodes and with existing network protocol implementations.

    -  DHCP does not require manual configuration of network parameters
       on DHCP clients, except in cases where such configuration is
       needed for security reasons.  A node configuring itself using
       DHCP should require no user intervention.

    -  DHCP does not require a server on each link.  To allow for scale
       and economy, DHCP must work across DHCP relays.

    -  DHCP coexists with statically configured, non-participating nodes
       and with existing network protocol implementations.

    -  DHCP clients can operate on a link without IPv6 routers present.

    -  DHCP will provide the ability to renumber network(s) when
       required by network administrators [4].

    -  A DHCP client can make multiple, different requests for
       configuration parameters when necessary from one or more DHCP
       servers at any time.

    -  DHCP will contain the appropriate time out and retransmission
       mechanisms to efficiently operate in environments with high
       latency and low bandwidth characteristics.

5. Non-Goals

   This specification explicitly does not cover the following:

    -  Specification of a DHCP server to server protocol.

    -  How a DHCP server stores its DHCP data.

    -  How to manage a DHCP domain or DHCP server.

    -  How a DHCP relay is configured or what sort of information it may
       log.

6. Terminology

   This sections defines terminology specific to IPv6 and DHCP used in
   this document.

6.1. IPv6 Terminology

   IPv6 terminology relevant to this specification from the IPv6
   Protocol [6], IPv6 Addressing Architecture [9], and IPv6 Stateless
   Address Autoconfiguration [20] is included below.

      address                 An IP layer identifier for an interface or
                              a set of interfaces.

      unicast address         An identifier for a single interface.
                              A packet sent to a unicast address is
                              delivered to the interface identified by
                              that address.

      multicast address       An identifier for a set of interfaces
                              (typically belonging to different nodes).

                              A packet sent to a multicast address is
                              delivered to all interfaces identified by
                              that address.

      host                    Any node that is not a router.

      IP                      Internet Protocol Version 6 (IPv6).  The
                              terms IPv4 and IPv6 are used only in
                              contexts where it is necessary to avoid
                              ambiguity.

      interface               A node's attachment to a link.

      link                    A communication facility or medium over
                              which nodes can communicate at the link
                              layer, i.e., the layer immediately below
                              IP. Examples are Ethernet (simple or
                              bridged); Token Ring; PPP links, X.25,
                              Frame Relay, or ATM networks; and Internet
                              (or higher) layer "tunnels", such as
                              tunnels over IPv4 or IPv6 itself.

      link-layer identifier   A link-layer identifier for an interface.
                              Examples include IEEE 802 addresses for
                              Ethernet or Token Ring network interfaces,
                              and E.164 addresses for ISDN links.

      link-local address      An IP IPv6 address having link-only
                              scope, indicated by having the prefix
                              (FE80::0000/64), that can be used to reach
                              neighboring nodes attached to the same
                              link.  Every interface has a link-local
                              address.

      message                 A unit of data carried in a packet,
                              exchanged between DHCP agents and clients.

      neighbor                A node attached to the same link.

      node                    A device that implements IP.

      packet                  An IP header plus payload.

      prefix                  The initial bits of an address, or a set
                              of IP address that share the same initial
                              bits.

      prefix length           The number of bits in a prefix.

      router                  A node that forwards IP packets not
                              explicitly addressed to itself.

6.2. DHCP Terminology

   Terminology specific to DHCP can be found below.

      abort status              A status value returned to the
                                application that has invoked a DHCP
                                client operation, indicating anything
                                other than success.

      agent address             The address of a neighboring DHCP Agent
                                on the same link as the DHCP client.

      binding                   A binding (or, client binding) is a
                                group of server data records containing
                                the server's information the server has about
                                the addresses in an IA and any other
                                configuration information assigned to
                                the client.  A binding is indexed by the
                                tuple <DUID, IAID>.

      DHCP                      Dynamic Host Configuration Protocol
                                for IPv6.  The terms DHCPv4 and DHCPv6
                                are used only in contexts where it is
                                necessary to avoid ambiguity.

      configuration parameter   An element of the configuration
                                information set on the server and
                                delivered to the client using DHCP.
                                Such parameters may be used to carry
                                information to be used by a node to
                                configure its network subsystem and
                                enable communication on a link or
                                internetwork, for example.

      DHCP client (or client)   A node that initiates requests on a link
                                to obtain configuration parameters from
                                one or more DHCP servers.

      DHCP domain               A set of links managed by DHCP and
                                operated by a single administrative
                                entity.

      DHCP server (or server)   A server is a node that responds to
                                requests from clients, and may or
                                may not be on the same link as the
                                client(s).

      DHCP relay (or relay)     A node that acts as an intermediary to
                                deliver DHCP messages between clients
                                and servers, and is on the same link as
                                a client.

      DHCP agent (or agent)     Either a DHCP server on the same link as
                                a client, or a DHCP relay.

      DUID                      A DHCP unique identifier Unique IDentifier for a client.

      Identity association (IA) A collection of addresses assigned to
                                a client.  Each IA has an associated
                                IAID. An IA may have 0 or more addresses
                                associated with it.

      Identity association identifier (IAID) An identifier for an IA,
                                chosen by the client.  Each IA has an
                                IAID, which is chosen to be unique among
                                all IAIDs for IAs belonging to that
                                client.

      transaction-ID            An unsigned integer to match responses
                                with replies initiated either by a
                                client or server.

7. DHCP Constants

   This section describes various program and networking constants used
   by DHCP.

7.1. Multicast Addresses

   DHCP makes use of the following multicast addresses:

      All DHCP Agents

      All_DHCP_Agents address:  FF02::1:2 This link-scoped multicast
                 address is used by clients to communicate with the
                 on-link agent(s) when they do not know those agents' the link-local address(es).
                 address(es) for those agents.  All agents (servers and
                 relays) are members of this multicast group.

      All DHCP Servers

      All_DHCP_Servers address:  FF05::1:3 This site-scoped multicast
                 address is used by clients or relays to communicate
                 with server(s), either because they want to send
                 messages to all servers or because they do not know
                 the server(s) unicast address(es).  Note that in order
                 for a client to use this address, it must have an
                 address of sufficient scope to be reachable by the
                 server(s).  All servers within the site are members of
                 this multicast group.

7.2. UDP ports

   DHCP uses the following destination UDP [18] port numbers.  While
   source ports MAY be arbitrary, client implementations SHOULD permit
   their specification through a local configuration parameter to
   facilitate the use of DHCP through firewalls.

      546        Client port.  Used by servers as the destination port
                 for messages sent to clients and relays.  Used by relay
                 agents as the destination port for messages sent to
                 clients.

      547        Agent port.  Used as the destination port by clients
                 for messages sent to agents.  Used as the destination
                 port by relays for messages sent to servers.

7.3. DHCP message types

   DHCP defines the following message types.  More detail on these
   message types can be found in Section 9. 8.  Message types 0 and
   TBD--255 13-255
   are reserved and MUST be silently ignored. for future use.  The message code for each message type
   is shown with the message name.

      SOLICIT (1)          The DHCP Solicit (or Solicit) message is used by clients to
                           locate servers.

      ADVERTISE (2)        The DHCP Advertise (or Advertise) message is used by servers
                           responding to Solicits.

      REQUEST (3)          The DHCP Request (or Request) message is used by clients
                           to request configuration parameters from
                           servers.

      CONFIRM (4)          The DHCP Confirm (or Confirm) message is used by clients to
                           confirm that the addresses assigned to an IA
                           and the lifetimes for those addresses, as
                           well as the current configuration parameters
                           assigned by the server to the client are
                           still valid.

      RENEW (5)            The DHCP Renew (or Renew) message is used by clients to
                           obtain the addresses assigned to an IA and
                           the lifetimes for those addresses, as well as
                           the current configuration parameters assigned
                           by the server to the client.  A client sends
                           a Renew message to the server that originally
                           assigned the IA when the lease on an IA is
                           about to expire.

      REBIND (6)           The DHCP Rebind (or Rebind) message is used by clients to
                           obtain the addresses assigned to an IA and
                           the lifetimes for those addresses, as well as
                           the current configuration parameters assigned
                           by the server to the client.  A clients
                           sends a Rebind message to all available DHCP
                           servers when the lease on an IA is about to
                           expire.

      REPLY (7)            The DHCP Reply (or Reply) message is used by servers
                           responding to Request, Confirm, Renew,
                           Rebind, Release and Decline messages.  In the
                           case of responding to a Request, Confirm,
                           Renew or Rebind message, the Reply contains
                           configuration parameters destined for the
                           client.

      RELEASE (8)          The DHCP Release (or Release) message is used by clients to
                           return one or more IP addresses to servers.

      DECLINE (9)          The DHCP Decline (or Decline) message is used by clients to
                           indicate that the client has determined that
                           one or more addresses in an IA are already
                           in use on the link to which the client is
                           connected.

      RECONFIG-INIT (10)   The DHCP Reconfigure-init (or
                           Reconfigure-init) message is sent by
                           server(s) to inform client(s) that the
                           server(s) has new or updated configuration
                           parameters, and that the client(s) are to
                           initiate a Request/Reply transaction with the
                           server(s) in order to receive the updated
                           information.

      RELAY-FORW (11)      The DHCP Relay-forward (or Relay-forward) message is used by relays
                           to forward client messages to servers.  The
                           client message is encapsulated in an option
                           in the Relay-forward message.

      RELAY-REPL (12)      The DHCP Relay-reply (or Relay-reply) message is used by servers
                           to send messages to clients through a relay.
                           The server encapsulates the client message
                           as an option in the Relay-reply message,
                           which the relay extracts and forwards to the
                           client.

7.4. Error Values Status Codes

   This section describes error values status codes exchanged between DHCP
   implementations.  These status codes may appear in the Status Code
   option or in the status field of an IA.

7.4.1. Generic Error Values Status Codes

   The following symbolic names status codes in this section are used between client clients and server
   implementations servers
   to convey error status conditions.  The following table contains the actual numeric values status
   codes, the name for each name. code (as used in this document) and a brief
   description.  Note that the numeric values do not start at 1, nor are
   they consecutive.  The
   errors status codes are organized in logical groups.

   _______________________________________________________________
   |Error_Name___|Error_ID|_Description_________________________|_
   |Success______|00______|_Success_____________________________|_
   |UnspecFail___|16______|_Failure,_reason_unspecified_________|_
   |AuthFailed___|17______|_Authentication_failed_or_nonexistent|_
   |PoorlyFormed_|18______|_Poorly_formed_message_______________|_
   |Unavail______|19______|_Addresses_unavailable_______________|_

   Name         Code Description
   ----------   ---- -----------
   Success         0 Success
   UnspecFail     16 Failure, reason unspecified
   AuthFailed     17 Authentication failed or nonexistent
   PoorlyFormed   18 Poorly formed message
   AddrUnavail    19 Addresses unavailable
   OptionUnavail  20 Requested options unavailable

7.4.2. Server-specific Error Values Status Codes

   The following symbolic names status codes in this section are used by server implementations servers to convey error status
   conditions to clients.  The following table contains the
   actual status
   codes, the name for each code (as used in this document) and a brief
   description.  Note that the numeric values do not start at 1, nor are
   they consecutive.  The status codes are organized in logical groups.

   Name         Code Description
   ----         ---- -----------
   NoBinding      32 Client record (binding) unavailable
   ConfNoMatch    33 Client record Confirm not match IA
   RenwNoMatch    34 Client record Renew not match IA
   RebdNoMatch    35 Client record Rebind not match IA
   InvalidSource  36 Invalid Client IP address
   NoServer       37 Relay cannot find Server Address
   NoPrefixMatch  38 One or more prefixes of the addresses
                     in the IA is not valid for each name.
   _______________________________________________________________
   |Error_Name____|Error_ID|_Description________________________|_
   |NoBinding_____|20______|_Client_record_(binding)_unavailable|_
   |ConfNoMatch___|21______|_Client_record_Confirm_not_match_IA_|_

   |RenwNoMatch___|22______|_Client_record_Renew_not_match_IA___|_
   |RebdNoMatch___|23______|_Client_record_Rebind_not_match_IA__|_
   |InvalidSource_|24______|_Invalid_Client_IP_address__________|_
   |NoServer______|25______|_Relay_cannot_find_Server_Address___|_
   |ICMPError_____|64______|_Server_unreachable_(ICMP_error)____|_ the link
                     from which the client message was received
   ICMPError      64 Server unreachable (ICMP error)

7.5. Configuration Variables

   This section presents a table of client and server configuration
   variables and the default or initial values for these variables.  The
   client-specific variables MAY be configured on the server and MAY be
   delivered to the client through the "DHCP Retransmission

      Parameter
   Option" in a Reply message.

   _________________________________________________________________________
   |Parameter__________|Default|_Description______________________________|_
   |MIN_SOL_DELAY______|1______|_MIN_(secs)_to_delay_1st_mesg_____________|_
   |MAX_SOL_DELAY______|5______|_MAX_(secs)_to_delay_1st_mesg_____________|_
   |ADV_MSG_TIMEOUT____|500____|_SOL_Retrans_timer_(msecs)________________|_
   |ADV_MSG_MAX________|30_____|_MAX_timer_value_(secs)___________________|_
   |SOL_MAX_ATTEMPTS___|-1_____|_MAX_attempts_(-1_=_infinite)_____________|_
   |REP_MSG_TIMEOUT____|250____|_Retrans_timer_(msecs)_for_Reply__________|_
   |QRY_MSG_ATTEMPTS___|10_____|_MAX_Request/Confirm/Renew/Rebind_attempts|_
   |REL_MSG_ATTEMPTS___|5______|_MAX_Release/Decline_attempts_____________|_
   |RECREP_MSG_TIMEOUT_|2000___|_Retrans_timer_(msecs)____________________|_
   |REC_MSG_ATTEMPTS___|10_____|_Reconfigure_attempts_____________________|_
   |REC_THRESHOLD______|100____|_%_of_required_clients____________________|_
   |SRVR_PREF_WAIT_____|2______|_Advertise_Collect_timer_(secs)___________|_

8. Overview

   This section provides a general overview of the interaction between
   the functional entities of DHCP. The overview is organized as a
   series of questions and answers.  Details     Default  Description
   -------------------------------------
   MIN_SOL_DELAY     1 sec   Min delay of DHCP such as message
   formats and retransmissions can be found in later sections first Solicit
   MAX_SOL_DELAY     5 secs  Max delay of this
   document.

8.1. How does a node know to use DHCP?

   An unconfigured node determines that it is to use first Solicit
   SOL_TIMEOUT     500 msecs Initial Solicit timeout
   SOL_MAX_RT       30 secs  Max Solicit timeout value
   REQ_TIMEOUT     250 msecs Initial Request timeout
   REQ_MAX_RT       30 secs  Max Request timeout value
   REQ_MAX_RC       10       Max Request retry attempts
   CNF_TIMEOUT     250 msecs Initial Confirm timeout
   CNF_MAX_RT        1 sec   Max Confirm timeout
   CNF_MAX_RD       10 secs  Max Confirm duration
   REN_TIMEOUT      10 sec   Initial Renew timeout
   REN_MAX_RT      600 secs  Max Renew timeout value
   REB_TIMEOUT      10 sec   Initial Rebind timeout
   REB_MAX_RT      600 secs  Max Rebind timeout value
   REL_TIMEOUT     250 msecs Initial Release timeout
   REL_MAX_RT        1 sec   Max Release timeout
   REL_MAX_RC        5       MAX Release/Decline attempts
   DEC_TIMEOUT     250 msecs Initial Release timeout
   DEC_MAX_RT        1 sec   Max Release timeout
   DEC_MAX_RC        5       MAX Release/Decline attempts

8. Message Formats

   All DHCP for
   configuration of messages sent between clients and servers share an interface by detecting the presence (or absence)
   of routers on identical
   fixed format header and a variable format area for options.  Not all
   fields in the link.  If router(s) header are present, the node examines
   router advertisements to determine if DHCP should be used to
   configure in every message.

   All values in the interface.  If there message header and in options are no routers present, then in network byte
   order.

   The following diagram illustrates the node MUST use DHCP to configure message header:

      0                   1                   2                   3
      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |    msg-type   |               transaction-ID                  |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                                                               |
     |                         server-address                        |
     |                          (16 octets)                          |
     |                                                               |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                                                               |
     .                            options                            .
     .                          (variable)                           .
     |                                                               |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   The following sections describe the interface.  Details use of
   this process can be found the fields in neighbor discovery [16] and stateless
   autoconfiguration [20].

8.2. What if the client and server(s) are on different links?

   Use of DHCP
   message header in such environments requires one or more DHCP relays
   be set up on the client's link, because a client may only have a
   link-local address.  Relays receive messages from the client and
   forward them to some set of servers within each of the DHCP domain.  The
   client messages.  In these descriptions,
   fields that are not used in a message is forwarded verbatim are marked as an option "unused".  All
   unused fields in the a message
   from the relay to the server.  A relay will include one of its own
   addresses (of sufficient scope) from the interface on the same link
   as the client, as well MUST be transmitted as zeroes and ignored
   by the prefix length receiver of that address, in its
   message to the server.  Servers receiving the forwarded traffic
   use this information to aid in selecting configuration parameters
   appropriate to the client's link.

   Servers use relays to forward messages to clients.  The message
   intended for message.

8.1. DHCP Solicit Message Format

      msg-type         SOLICIT

      transaction-ID   An unsigned integer generated by the client is carried as an option in the message used
                       to identify this Solicit message.

      server-address   (unused) MUST be 0

      options          See section 20.

8.2. DHCP Advertise Message Format

      msg-type         ADVERTISE

      transaction-ID   An unsigned integer used to identify this
                       Advertise message.  Copied from the
   relay.  The relay extracts the Solicit
                       message received from the option and forwards
   it to the client.  Servers use the relay's

      server-address   The IP address as of the destination server that generated this
                       message.  The address must have sufficient scope
                       to forward client-destined messages for final delivery be reachable from the client.

      options          See section 20.

8.3. DHCP Request Message Format

      msg-type         REQUEST

      transaction-ID   An unsigned integer generated by the relay.

   Relays forward client messages used
                       to servers using some combination identify this Request message.

      server-address   The IP address of the All DHCP Servers site-local multicast address, some other
   (perhaps a combination) of site-local multicast addresses set up
   within the DHCP domain server to include the servers in that domain, or a
   list of unicast addresses for servers.  The network administrator
   makes relay configuration decisions based upon the topological
   requirements (scope) of the DHCP domain they are managing.  Note
   that if which the this
                       message is directed, copied from an Advertise
                       message.

      options          See section 20.

8.4. DHCP domain spans more than the site-local scope, then
   the relays MUST be configured with global addresses for Confirm Message Format

      msg-type         CONFIRM

      transaction-ID   An unsigned integer generated by the client's
   link so as client used
                       to identify this Confirm message.

      server-address   MUST be reachable zero.

      options          See section 20.

8.5. DHCP Renew Message Format

      msg-type         RENEW

      transaction-ID   An unsigned integer generated by servers outside the relays' site-local
   environment.

8.3. How does a client request configuration parameters from servers?

   To request configuration parameters, the client forms a Request
   message, and sends it used
                       to identify this Renew message.

      server-address   The IP address of the server either directly (the server to which this Renew
                       message is
   on directed, which MUST be the same link as address
                       of the client) or indirectly (through server from which the IAs in this message
                       were originally assigned.

      options          See section 20.

8.6. DHCP Rebind Message Format

      msg-type         REBIND

      transaction-ID   An unsigned integer generated by the on-link
   relay).  The client MAY include a Option Request Option 18.4 (ORO)
   along with other used
                       to identify this Rebind message.

      server-address   MUST be zero.

      options          See section 20.

8.7. DHCP Reply Message Format

      msg-type         REPLY

      transaction-ID   An unsigned integer used to request specific information identify this
                       Reply message.  Copied from the
   server.  Note that the client MAY form multiple Request messages
   and send each of them to different servers to request potentially
   different information (perhaps based upon what was advertised) in
   order to satisfy its needs.  As a client's needs may change over time
   (perhaps based upon an application's requirements), Request,
                       Confirm, Renew or Rebind message received from
                       the client may
   form additional Request messages to request additional information as
   it is needed. client.

      server-address   The server(s) respond with Reply messages containing IP address of the requested
   configuration parameters, which can include status information
   regarding server.  The address must
                       have sufficient scope to be reachable from the information requested
                       client.

      options          See section 20.

8.8. DHCP Release Message Format

      msg-type         RELEASE

      transaction-ID   An unsigned integer generated by the client.  The Reply MAY
   also include additional information.

8.4. How do clients and servers client used
                       to identify and manage addresses?

   Servers and clients manage addresses in groups called "identity
   associations." Each identity association (IA) is identified using
   a unique identifier.  An identity association may contain one or
   more IPv6 this Release message.

      server-address   The IP address of the server that assigned the
                       addresses.

      options          See section 20.

8.9. DHCP servers assign addresses to identity
   associations.  DHCP clients use Decline Message Format

      msg-type         DECLINE

      transaction-ID   An unsigned integer generated by the addresses in an identity
   association to configure interfaces.  There is always at least one
   identity association per interface that a client wishes used
                       to configure.
   Each identify this Decline message.

      server-address   The IP address in an IA has its own preferred and valid lifetime.  Over
   time, of the server may change the characteristics of that assigned the addresses in
   an IA; for example,
                       addresses.

      options          See section 20.

8.10. DHCP Reconfigure-init Message Format

      msg-type         RECONFIG-INIT

      transaction-ID   An unsigned integer generated by changing the preferred or valid lifetime for
   an address in the IA. The server may also add or delete addresses
   from an IA; for example, deleting old addresses and adding new
   addresses to renumber a client.  A client can request the current
   list of addresses assigned used
                       to an IA from a server through an exchange identify this Reconfigure-init message.

      server-address   The IP address of protocol messages.

8.5. Can a client release its assigned addresses before the lease
   expires?

   A client forms a Release message, including options identifying DHCP server issuing the IA
                       Reconfigure-init message.  The address must have
                       sufficient scope to be released.  The client sends reachable from the Release client.

      options          See section 20.

9. Relay messages

   Relay agents exchange messages with servers to forward messages
   between clients and servers that are not connected to the server same link.
   There are two relay messages, which assigned the addresses to share the client initially.  If that
   server cannot be reached after a certain following format:

      0                   1                   2                   3
      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |    msg-type   |                                               |
     +-+-+-+-+-+-+-+-+                                               |
     |                          link-prefix                          |
     |                                                               |
     |                                                               |
     |               +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-|
     |               |                                               |
     +-+-+-+-+-+-+-+-+                                               |
     |                     client-return-address                     |
     |                                                               |
     |                                                               |
     |               +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-|
     |               |                                               |
     +-+-+-+-+-+-+-+-+                                               |
     .                                                               .
     .            options (variable number of attempts (see
   section 7.5), and length)   ....        .
     |                                                               |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   The following sections describe the client can abandon use of the Release attempt.  In this
   case, Relay message header.

9.1. Relay-forward message

   The following table defines the address(es) use of message fields in a
   Relay-forward message.

      msg-type                RELAY-FORW

      link-prefix             An address with a prefix that is assigned
                              to the IA will be reclaimed by the server(s)
   when the lifetimes on the addresses expire.

8.6. What if link from which the client determines one or more of its should
                              be assigned addresses
   are already being used by another client?

   If an address.

      client-return-address   The source address from the client determines through a mechanism like Duplicate Address
   Detection [20] that IP datagram
                              in which the address it message from the client was assigned
                              received by the server is
   already in use relay agent

      options                 MUST include a "Client message option";
                              see section 20.7; MAY include other
                              options added by another client, the client will send a Decline relay agent

9.2. Relay-reply message to

   The following table defines the server.

8.7. How are clients notified use of server configuration changes?

   There are two possibilities.  Either the clients discover the new
   information when they revisit the server(s) message fields in a
   Relay-forward message.

      msg-type                RELAY-REPL

      link-prefix             An address with a prefix that is assigned
                              to request additional
   configuration information/extend the lifetime on link from which the client should
                              be assigned an address.  or
   through a server-initiated event known as a reconfigure event.

      client-return-address   The reconfiguration feature of DHCP offers network administrators source address from the opportunity to update configuration information on DHCP clients
   whenever necessary.  To signal IP datagram
                              in which the message from the need for client reconfiguration, was
                              received by the server will unicast relay agent

      options                 MUST include a Reconfigure-init "Server message to each option";
                              see section 20.8; MAY include other
                              options

10. DHCP unique identifier (DUID)

   Each DHCP client
   individually.  A Reconfigure-init is has a trigger which will cause the
   client(s) DUID. DHCP servers use DUIDs to initiate a standard Request/Reply exchange with identify
   clients for the
   server selection of configuration parameters and in order to acquire
   the new or updated addresses.

9. Message Formats

   Each DHCP message has an identical fixed format header; some messages
   also allow association of IAs with clients.  See section 20.2 for the
   representation of a variable format area DUID in a DHCP message.

   Servers MUST treat DUIDs as opaque values and must only compare DUIDs
   for options.  Not all fields equality.  Servers MUST NOT in any other way interpret DUIDs.
   Servers MUST NOT restrict DUIDs to the header are used types defined in every message.  In this section, every field document
   as additional DUID types may be defined in the future.

   The DUID is described for every message carried in an option because it may be variable length
   and fields that are because it is not used required in all DHCP options (e.g., messages
   sent by servers need not include a
   message are marked DUID). The DUID must be unique
   across all DHCP clients, and it must also be consistent for the same
   client - that is, the DUID used by a client SHOULD NOT change over
   time; for example, as "unused".  All unused fields in a message MUST result of network hardware reconfiguration.

   The motivation for having more than one type of DUID is that the DUID
   must be transmitted as zeroes globally unique, and ignored by must also be easy to generate.  The sort
   of globally-unique identifier that is easy to generate for any given
   device can differ quite widely.  Also, some devices may not contain
   any persistent storage.  Retaining a generated DUID in such a device
   is not possible, so the receiver DUID scheme must accommodate such devices.

10.1. DUID contents

   A DUID consists of a sixteen-bit type code represented in network
   order, followed by a variable number of octets that make up the message.
   actual identifier.  A DUID can be no more than 256 octets long.  The DHCP message header:

      0
   following types are currently defined:

       1                   2        Link-layer address plus time
       2        Vendor-assigned unique ID
       3        Link-layer address

   Formats for the variable field of the DUID for each of the above
   types are shown below.

10.2. DUID based on link-layer address plus time

   This type of DUID consists of four octets containing a time value,
   followed by a two octet network hardware type code, followed by
   link-layer address of any one network interface that is connected
   to the DHCP client device at the time that the DUID is generated.
   The time value is the time that the DUID is generated represented
   in seconds since midnight (UTC), January 1, 2000, modulo 2^32.  The
   hardware type MUST be a valid hardware type assigned by the IANA as
   described in the section on ARP in RFC 826.  Both the time and the
   hardware type are stored in network order.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    msg-type   |  preference   |         transaction-ID        |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                                                               |
     |                   client-link-local-address                   |
     |                          (16 octets)                          |
     |                        Time (32 bits)                         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
     |                         server-address                        |
     |    Hardware type (16 octets) bits)    |                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   .                                                               .
   .                            options             link-layer address (variable length)              .
   .                                                               .
     |                          (variable)                           |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

9.1. DHCP Solicit Message Format

      msg-type                    SOLICIT

      preference                  (unused) MUST

   The choice of network interface can be 0

      transaction-ID              An unsigned integer generated by completely arbitrary, as long
   as that interface provides a unique link-layer address, and the
                                  client same
   DUID should be used in configuring all network interfaces connected
   to identify this Solicit
                                  message.

      client-link-local-address   The link-local the device, regardless of which interface's link-layer address was
   used to generate the DUID.

   DHCP clients using this type of DUID MUST store the DUID in stable
   storage, and MUST continue to use this DUID even if the network
   interface for which used to generate the client DUID is
                                  using DHCP.

      server-address              (unused) removed.  DHCP clients that do
   not have any stable storage MUST be 0

      options                     See section 18.

9.2. NOT use this type of DUID.

   DHCP Advertise Message Format

      msg-type                    ADVERTISE

      preference                  An unsigned integer indicating a
                                  server's willingness to provide
                                  service clients that use this DUID SHOULD attempt to configure the client.

      transaction-ID              An unsigned integer used time
   prior to identify
                                  this Advertise message.  Copied from
                                  the client's Solicit message.

      client-link-local-address   The IP link-local address of the
                                  client interface from which the client
                                  issued generating the Solicit message.

      server-address              The IP address DUID, if that is possible, and MUST use some
   sort of time source (e.g., a real-time clock) in generating the server
   DUID, even if that
                                  generated this message.  If the DHCP
                                  domain crosses site boundaries, then
                                  this address MUST be globally-scoped.

      options                     See section 18.

9.3. DHCP Request Message Format

      msg-type                    REQUEST

      preference                  (unused) MUST be 0

      transaction-ID              An unsigned integer generated time source is not configured by the
                                  client used user prior
   to identify this Request
                                  message.

      client-link-local-address generating the DUID. The link-local address use of a time source makes it unlikely
   that if the client network interface is removed from which the client will
                                  issue the Request message.

      server-address              The IP address of and another
   client then uses the server same network interface to which
                                  the this message is directed, copied
                                  from an Advertise message.

      options                     See section 18.

9.4. DHCP Confirm Message Format

      msg-type                    CONFIRM

      preference                  (unused) MUST generate a DUID,
   that two identical DUIDs will be 0

      transaction-ID              An unsigned integer generated by generated.  A DUID collision is
   very unlikely even if the
                                  client used clocks haven't been configured prior to identify this Confirm
                                  message.

      client-link-local-address   The link-local address of the client
                                  interface from which the client will
                                  issue
   generating the Confirm message.

      server-address              MUST be zero.

      options                     See section 18.

9.5. DHCP Renew Message Format

      msg-type                    RENEW

      preference                  (unused) MUST be 0

      transaction-ID              An unsigned integer generated by the
                                  client used to identify this Renew
                                  message.

      client-link-local-address DUID.

   This method of DUID generation is recommended for all general purpose
   computing devices such as desktop computers and laptop computers, and
   also for devices such as printers, routers, and so on, that contain
   some form of writable non-volatile storage.

10.3. Vendor-assigned unique ID.

   The link-local address vendor-assigned unique ID consists of an eight-octet
   vendor-unique identifier, followed by the client
                                  interface from which the client will
                                  issue the Renew message.

      server-address vendor's registered domain
   name.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                        VUID (64 bits)                         |
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   .                                                               .
   .                  domain name (variable length)                .
   .                                                               .
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   The IP address structure of the server VUID is left up to which
                                  this Renew message the vendor defining it, but
   each device containing such a VUID MUST be unique to each device
   that is directed, which using it, and MUST be assigned to the address of the server from
                                  which device at the IAs time of
   manufacture and stored in this message were
                                  originally assigned.

      options                     See section 18.

9.6. DHCP Rebind Message Format

      msg-type                    REBIND

      preference                  (unused) MUST some form of non-volatile storage.  The
   VUID SHOULD be 0

      transaction-ID              An unsigned integer generated recorded in non-erasable storage.  The domain name is
   simply any domain name that has been legally registered by the
                                  client used to identify vendor
   in the domain name system, stored in canonical form.  An example DUID
   of this Rebind
                                  message.

      client-link-local-address   The link-local type might look like this:

   +--+---+---+---+-+-+-+--+---+---+--+---+---+---+---+--+--+---+---+
   |12|192|132|221|3|0|9|18|101|120|97|109|112|108|101|46|99|111|109|
   +--+---+---+---+-+-+-+--+---+---+--+---+---+---+---+--+--+---+---+

   This is eight octets of VUID data, followed by "example.com"
   represented in ASCII.

10.4. Link-layer address

   This type of DUID consists of a two octet network hardware type code,
   followed by the client
                                  interface from which the client will
                                  issue link-layer address of any one network interface that
   is permanently connected to the Rebind message.

      server-address DHCP client device.  The hardware
   type MUST be zero.

      options                     See section 18.

9.7. DHCP Reply Message Format

      msg-type                    REPLY

      preference                  An unsigned integer indicating a
                                  server's willingness to provide
                                  service to valid hardware type assigned by the client.

      transaction-ID              An unsigned integer used to identify
                                  this Reply message.  Copied from IANA as described
   in the
                                  client's Request, Confirm, Renew or
                                  Rebind message.

      client-link-local-address section on ARP in RFC 826.  The link-local hardware type is stored in
   network order.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    Hardware type (16 bits)    |                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               |
   .                                                               .
   .             link-layer address (variable length)              .
   .                                                               .
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   The choice of the network interface for can be completely arbitrary, as
   long as that interface provides a unique link-layer address and
   is permanently attached to the device on which the client DUID is
                                  using DHCP.

      server-address being
   generated.  The IP address of the server.
                                  If the DHCP domain crosses site
                                  boundaries, then this address MUST be
                                  globally-scoped.

      options                     See section 18.

9.8. DHCP Release Message Format

      msg-type                    RELEASE

      preference                  (unused) MUST same DUID should be 0

      transaction-ID              An unsigned integer generated by the
                                  client used in configuring all network
   interfaces connected to identify this Release
                                  message.

      client-link-local-address   The client's link-local address for the interface from device, regardless of which the client
                                  will send the Release message.

      server-address              The IP interface's
   link-layer address of was used to generate the server that
                                  assigned the IA.

      options                     See section 18.

9.9. DHCP Decline Message Format

      msg-type                    DECLINE

      preference                  (unused) DUID.

   This type of DUID is recommended for devices that have a
   permanently-connected network interface with a link-layer address and
   do not have nonvolatile, writable stable storage.  This type of DUID
   MUST NOT be 0

      transaction-ID              An unsigned integer generated by the
                                  client used by DHCP clients that cannot tell whether or not a
   network interface is permanently attached to identify this Decline
                                  message.

      client-link-local-address   The client's link-local address for the interface from device on which the
   DHCP client
                                  will send the Decline message.

      server-address              The IP address is running.

11. Identity association

   An "identity-association" (IA) is a construct through which a server
   and a client can identify, group and manage IPv6 addresses.  Each IA
   consists of an IAID and a list of associated IPv6 addresses (the list
   may be empty).  A client associates an IA with one of its interfaces
   and uses the server IA to obtain IPv6 addresses for that
                                  assigned the addresses.

      options interface from a
   server.

   See section 18.

9.10. DHCP Reconfigure-init Message Format

      msg-type                    RECONFIG-INIT

      preference                  (unused) MUST be 0

      transaction-ID              (unused) MUST be 0

      client-link-local-address   (unused) MUST be 0

      server-address              The IP address of 20.3 for the representation of an IA in a DHCP server
                                  issuing the Reconfigure-init message.
                                  MUST be of sufficient scope

12. Selecting addresses for assignment to an IA

   A server selects addresses to be
                                  reachable by all clients.

      options                     See section 18.

10. Relay messages

   Relay agents exchange messages with servers assigned to forward messages
   between clients and servers that are not connected an IA according to the same link.

10.1. Relay-forward message

      0                   1                   2                   3
      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |    msg-type   | prefix length |                               |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               |
     |                                                               |
     |                         relay-address                         |
     |                                                               |
     |                               |-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-|
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               |
     |            options (variable number
   address assignment policies determined by the server administrator
   and length)   ....        |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      msg-type        RELAY-FORW

      prefix-length   The length of the prefix in specific information the address in server determines about the
                      "relay-address" field.

      relay-address   An address assigned to client
   from the interface through following sources:

    -  The link to which the client is attached:

        *  If the server receives the message directly from the client was received.

      options         MUST include a "Client message option"; see
                      section 18.5.

10.2. Relay-reply message

      0                   1                   2                   3
      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |    msg-type   | prefix length |                               |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               |
     |                                                               |
     |                         relay-address                         |
     |                                                               |
     |                               |-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-|
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               |
     |            options (variable number
           and length)   ....        |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      msg-type        RELAY-REPL

      prefix-length   The length of the prefix source address in the address IP datagram in which the
                      "relay-address" field.

      relay-address   An address identifying
           message was received is a link-local address, then the client
           is on the same link to which the interface through over which the
           message from was received is attached
        *  If the server should be forwarded;
                      copied from receives the "relay-forward" message.

      options         MUST include a "Server message option"; see
                      section 18.6.

11. DHCP unique identifier (DUID)

   Each DHCP client has a DUID. DHCP servers use DUIDs to identify
   clients for directly from the selection of configuration parameters client
           and the source address in the association of IAs with clients.  See section 18.2 for IP datagram in which the
   representation of
           message was received is not a DUID link-local address, then the
           client is on the link identified by the source address in the
           IP datagram

        *  If the server receives the message from a DHCP message.

   DISCUSSION:

      The syntax, rules for selecting and requirements for gloabl
      uniqueness in DUIDs are TBD.

      The DUID forwarding relay
           agent, then the client is carried on the same link as the one to
           which the interface identified by the link-prefix field in an option because it may be variable
      length and because it
           the message from the relay is not required attached

    -  The DUID supplied by the client

    -  Other information in all DHCP options
      (e.g., messages sent supplied by servers need not include a DUID).

12. Identity association

   An "identity-association" (IA) is a construct through which a server
   and a the client can identify, group and manage IPv6 addresses.  Each IA
   consists

    -  Other information in options supplied by the relay agent

13. Reliability of an IAID Client Initiated Message Exchanges

   DHCP clients are responsible for reliable delivery of messages in the
   client-initiated message exchanges described in sections 15 and 16.
   If a list of associated IPv6 addresses (the list
   may be empty).  A DHCP client associates an IA with one of its interfaces
   and uses the IA fails to obtain IPv6 addresses for that interface receive an expected response from a
   server.

   See section 18.3 for server,
   the representation of an IA in a DHCP client must retransmit its message.

13. DHCP Server Solicitation  This section describes how a client locates servers. the
   retransmission strategy to be used by clients in client-initiated
   message exchanges.

   The behavior
   of client and server implementations is discussed, along with begins the
   messages they use.

13.1. Solicit Message Validation

   Clients MUST silently discard any received Solicit messages.

   Agents MUST silently discard any received Solicit messages if the
   "client-link-local-address" field does not contain message exchange by transmitting a valid link-local
   address.

13.2. Advertise Message Validation

   Servers MUST discard any received Advertise messages.

   Clients MUST discard any Advertise messages that meet any of the
   following criteria:

     o The "Transaction-ID" field value does not match the value message to
   the
       client used in its Solicit message.

     o server.  The "client-link-local-address" field value does not match the
       link-local address of the interface upon which message exchange terminates when either the client sent
   successfully receives the Solicit message.

13.3. Client Behavior

   Clients use appropriate response or responses from a
   server or servers, or when the Solicit message exchange is considered to discover DHCP servers configured
   to serve addresses on the link have
   failed according to which the retransmission mechanism described below.

   The client retransmission behavior is attached.

13.3.1. Creation controlled and sending of the Solicit describe by five
   variables:

      RT     Retransmission timeout

      IRT    Initial retransmission time

      MRC    Maximum retransmission count

      MRT    Maximum retransmission time

      MRD    Maximum retransmission duration

      RAND   Randomization factor

   With each message

   The transmission or retransmission, the client sets the "msg-type" field RT
   according to SOLICIT, and places the
   link-local address of rules given below.  If RT expires before the interface it wishes to configure in message
   exchange terminates, the
   "client-link-local-address" field.

   The client generates a transaction ID inserts this value in recomputes RT and retransmits the
   "transaction-ID" field.

   The client includes a DUID option to identify itself to
   message.

   Each of the server.
   The client MUST computations of a new RT include options for any IAs to a randomization factor
   (RAND), which the client is
   expecting to have the server assign addresses.  Because the client
   does not have any IAs a random number chosen with addresses when sending a Solicit message,
   all uniform distribution
   between -0.1 and +0.1.  The randomization factor is included to
   minimize synchronization of the IAs MUST be empty. messages transmitted by DHCP clients.
   The client MAY include an Option
   Request Option in the Solicit message.  The client MUST NOT include
   any other options except those specifically allowed as defined by
   specific options.

   The client sends the Solicit message algorithm for choosing a random number does not need to the All DHCP Agents
   multicast address, destination port 547.  The source port selection
   can be arbitrary, although it
   cryptographically sound.  The algorithm SHOULD be possible using a client
   configuration facility to set produce a specific source port value.

13.3.2. Time out and retransmission different
   sequence of Solicit Messages

   The client's numbers from each invocation of the DHCP client.

   RT for the first Solicit message transmission is based on IRT:

      RT = 2*IRT + RAND*IRT

   RT for each subsequent message transmission is based on the interface MUST be delayed
   by previous
   value of RT:

      RT = 2*RTprev + RAND*RTprev

   MRT specifies an upper bound on the value of RT. If MRT has a random amount value
   of time between 0, there is no upper limit on the interval value of MIN_SOL_DELAY and
   MAX_SOL_DELAY. This random delay desynchronizes clients which start
   at RT. Otherwise:

    if (RT > MRT)
       RT = MRT + RAND*MRT

   MRC specifies an upper bound on the same time (e.g., after number of times a power outage).

   The client waits ADV_MSG_TIMEOUT, collecting Advertise messages. may
   retransmit a message.  If no Advertise messages are received, MRC has a value of 0, the client retransmits
   the Solicit, and doubles MUST
   continue to retransmit the ADV_MSG_TIMEOUT value.  This process
   continues original message until either one or more Advertise messages are received or
   ADV_MSG_TIMEOUT reaches a response is
   received.  Otherwise, the ADV_MSG_MAX value.  Thereafter, Solicits
   are retransmitted every ADV_MSG_MAX until SOL_MAX_ATTEMPTS have been
   made, at which time message exchange fails if the client MAY choose to stop trying
   attempts to DHCP
   configure transmit the interface.  An event external to DHCP is required
   to restart original message more than MRC times.

   MRD specifies an upper bound on the DHCP configuration process.  A DHCP length of time a client MAY,
   alternatively, choose to continue sending Solicit messages at the
   ADV_MSG_MAX interval.

   Default and initial values for MIN_SOL_DELAY, MAX_SOL_DELAY,
   ADV_MSG_TIMEOUT, AND ADV_MSG_MAX are documented in section 7.5.

13.3.3. Receipt of Advertise messages

   Upon receipt may
   retransmit a message.  If MRD has a value of one or more validated Advertise messages, 0, the client
   selects one or more Advertise messages based upon the following
   criteria.

    -  Those Advertise messages with MUST
   continue to retransmit the highest server preference
       value (see section 19.4) are preferred over all other Advertise
       messages.

    -  Within original message until a group of Advertise messages with response is
   received.  Otherwise, the message exchange fails if the same server
       preference value, a client MAY select those servers whose
       Advertise messages advertise information of interest
   attempts to transmit the client.  For example, one server may be advertising original message more than MRD seconds.

   If both MRC and MRD are non-zero, the
       availability of IP addresses which have an address scope message exchange fails whenever
   either of
       interest to the client.

   Once a client has selected Advertise message(s), conditions specified in the client will
   typically store previous paragraph are met.

14. Message validation

   Servers MUST discard any received messages that include
   authentication information about each server, such as server
   preference value, addresses advertised, when the advertisement was
   received, and so on.  Depending on the requirements of fail the client's
   invoking user, authentication check by the client MAY initiate a configuration exchange with
   server.

   Clients MUST discard any received messages that include
   authentication information and fail the server(s) immediately, or MAY defer this exchange until later.

   If authentication check by the client needs to select an alternate server
   client, except as noted in the case that section 19.6.5.2.

14.1. Use of Transaction-ID field

   The "transaction-ID" field holds a
   chosen value used by clients and servers
   to synchronize server does not respond, the responses to client chooses the server with
   the next highest preference value.

   The messages.  A client MAY SHOULD
   choose a less-preferred server if that server has a
   better set of advertised parameters, such as the available addresses
   advertised in IAs.

13.4. Server Behavior

   For this discussion, the server is assumed to have been configured in
   an implementation specific manner.  This configuration is assumed to
   contain all network topology information different transaction-ID for each new message it sends.  A
   client MUST leave the DHCP domain, as well
   as any necessary authentication information.

13.4.1. Receipt transaction-ID unchanged in retransmissions of Solicit messages

   If the server receives
   a message.

14.2. Solicit message, the client must be on the
   same link as the server.  If the server receives a Relay-forward message containing a

   Clients MUST discard any received Solicit message, the client must be on the
   link to which the prefix identified by the "relay-address" and
   "prefix-length" fields in the Relay-forward messages.

   Relay agents MUST discard any Solicit messages received through port
   546.

14.3. Advertise message is assigned.
   The server records

   Clients MUST discard any received Advertise messages in which the "relay-address"
   "Transaction-ID" field from the Relay-forward
   message and extracts the solicit message from value does not match the "client-message"
   option.

   If administrative policy permits value the server to respond to a client on
   that link, the server will generate used
   in its Solicit message.

   Servers and send an relay agents MUST discard any received Advertise
   messages.

14.4. Request message to
   the client.

13.4.2. Creation and sending of Advertise

   Clients MUST discard any received Request messages.

   Relay agents MUST discard any Request messages

   The server sets received through port
   546.

   Servers MUST discard any received Request message in which the "msg-type" field to ADVERTISE and copies the
   values of the following fields from the client's Solicit to the
   Advertise message:

     o transaction-ID

     o client-link-local-address
   The server places one of its IP addresses (determined through
   administrator setting) value
   in the "server-address" ``server-address'' field does not match any of the Advertise
   message.  The server sets addresses
   used by the "preference" field according to its
   configuration information.  See section 20.3 for a description of
   server preference.

   The server server.

14.5. Confirm message

   Clients MUST include options to the Advertise discard any received Confirm messages.

   Relay agents MUST discard any Confirm messages received through port
   546.

14.6. Renew message containing

   Clients MUST discard any addresses that would be assigned to IAs contained in the Solicit received Renew messages.

   Relay agents MUST discard any Renew messages received through port
   546.

   Servers MUST discard any received Renew message from the client.  The server MAY include other options the
   server will return to the client in a subsequent Reply message.
   The information in these options will be used by which the client value in
   the
   selection ``server-address'' field does not match any of a server if the client receives more than one Advertise
   message.

   If addresses used
   by the Solicit server.

14.7. Rebind message was

   Clients MUST discard any received in a Relay-forward message, the
   server constructs a Relay-reply message with the Advertise Rebind messages.

   Relay agents MUST discard any Rebind messages received through port
   546.

14.8. Decline messages

   Clients MUST discard any received Decline messages.

   Relay agents MUST discard any Decline messages received through port
   546.

   Servers MUST discard any received Decline message in which the payload of a "server-message" option.  The server unicasts the
   Relay-reply message to the address value
   in the "relay-address" ``server-address'' field from does not match any of the Relay-forward message.

   If addresses
   used by the Solicit server.

14.9. Release message was

   Clients MUST discard any received directly by Release messages.

   Relay agents MUST discard any Release messages received through port
   546.

   Servers MUST discard any received Release message in which the server, value
   in the
   server unicasts ``server-address'' field does not match any of the Advertise message directly to addresses
   used by the client using server.

14.10. Reply message

   Clients MUST discard any received Reply messages in which the "client-link-local-address"
   ``transaction-ID'' field in the message does not match the value as used
   in the destination
   address.  The Advertise original message.

   Servers and relay agents MUST discard any received Reply messages.

14.11. Reconfigure-init message

   Servers and relay agents MUST be unicast through discard any received Reconfigure-init
   messages.

   Clients MUST discard any Reconfigure-init messages that do not
   contain an authentication option or that fail the interface
   on which authentication
   performed by the Solicit client.

14.12. Relay-forward message was received.

14.

   Clients MUST discard any received Relay-forward messages.

14.13. Relay-reply message

   Clients and servers MUST discard any received Relay-reply messages.

15. DHCP Client-Initiated Configuration Exchange Server Solicitation

   This section describes how a client locates servers.

15.1. Client Behavior

   A client initiates a uses the Solicit message exchange with a server or to discover DHCP servers configured
   to
   acquire or update configuration information of interest.  The client
   may initiate the configuration exchange as part of serve addresses on the operating
   system configuration process or when requested link to do so by which the
   application layer. client is attached.

15.1.1. Creation of Solicit messages

   The client uses sets the following messages "msg-type" field to initiate a configuration
   event:

      Request   Obtain initial configuration information (from SOLICIT. The client generates
   a server
                identified transaction ID and inserts this value in a previously received Advertise message)
                when the "transaction-ID"
   field.

   The client has no assigned addresses

      Confirm   Confirm the validity of assigned addresses and other
                configuration changes through the server from which the
                configuration information was obtained when MUST include a DUID option to identify itself to the client's
                assigned addresses may not be valid;
   server.  The client MUST include options for example, when any IAs to which it
   wants the server to assign addresses.  The client reboots or loses its connection MAY choose not to a link

      Renew     Extend the lease on an IA through
   include any IAs in the server Solicit message if it does not need to request
   that
                originally assigned the IA

      Rebind    Extend the lease on an IA through any server willing addresses be assigned.  The client MAY include addresses in
   the IAs as a hint to
                extend the lease
      Release   Release server about addresses for which the lease on client
   may have a preference.  The client MAY include an IA and release all of the
                addresses contained Option Request
   Option in the IA,

      Decline   Decline the assignment Solicit message.  The client MUST NOT include any other
   options except those specifically allowed as defined by specific
   options.

15.1.2. Transmission of one or more addresses in an
                IA.

   A Solicit Messages

   The client uses sends the Release/Reply Solicit message exchange to indicate the All_DHCP_Agents
   multicast address.  The client MUST use an IPv6 address assigned
   to the
   DHCP server that interface for which the client will no longer be using is interested in obtaining
   configuration information as the addresses source address in the released IA.

   A client uses IP header of
   the datagram carrying the Decline/Reply Solicit message.

   The Solicit message exchange to indicate to MUST be transmitted on the
   DHCP server link that the
   interface for which configuration information is being obtained
   is attached to.  The client has detected that one or more addresses
   assigned by the server is already in use on SHOULD send the client's link.

14.1. Client Message Validation

   Clients MUST silently discard any received client messages (Request,
   Confirm, Renew, Rebind, Release or Decline messages).

   Agents MUST discard any received message through that
   interface.  The client messages in which MAY send the
   "client-link-local-address" field does not contain a valid link-local
   address.

   Servers MUST discard any received client messages in which message through another interface
   attached to the
   "options" field contains an authentication option, same link if and only if the server
   cannot successfully authenticate client is certain the client.

   Servers MUST discard any received Request, Renew, Release or Decline
   the two interface are attached to the same link.

   The first Solicit message in which from the "server-address" field value does not match any
   of client on the server's addresses.

14.2. Server Message Validation

   Servers MUST silently discard any received server messages
   (Advertise, Reply or Reconfigure-init messages).

   Clients interface MUST discard any server messages that meet any
   be delayed by a random amount of time between MIN_SOL_DELAY and
   MAX_SOL_DELAY. This random delay desynchronizes clients which start
   at the
   following criteria:

     o same time (e.g., after a power outage).

   The "transaction-ID" field value in client transmits the server message does
       not match the value according to section 13, using the client used in its Request or Release
       message.

     o
   following parameters:

      IRT   SOL_TIMEOUT

      MRT   SOL_MAX_RT

      MRC   0

      MRD   0

   The "client-link-local-address" field value mechanism in section 13 is modified as follows for use in the server
   transmission of Solicit messages.  The message
       does exchange is not match
   terminated by the link-local address receipt of the interface from which an Advertise before SOL_TIMEOUT has
   elapsed.  Rather, the client sent in its Request, Confirm, Renew, Rebind, Release
       or Decline message.

     o collects Advertise messages until
   SOL_TIMEOUT has elapsed.  The server message contains an authentication option, and the
       client's attempt first RT MUST be selected to authenticate the message fails.

   Relays be
   strictly greater than SOL_TIMEOUT by choosing RAND to be strictly
   greater than 0.

   A client MUST discard any Relay-reply collect Advertise messages for SOL_TIMEOUT seconds,
   unless it receives an Advertise message in which the
   "client-link-local-address" with a preference value
   of 255.  The preference value is carried in the encapsulated Reply message Preference option
   (section  20.5).  Any Solicit that does not contain include a valid link-local address.

14.3. Client Behavior

   A client will use Request, Confirm, Renew and Rebind messages Preference
   option is considered to
   acquire and confirm the validity have a preference value of configuration information.  A 0.  If the client may initiate such
   receives an exchange automatically in order to
   acquire the necessary network parameters to communicate Advertise message with nodes
   off-link.  The client uses a preference value of 255, then
   the server address information from
   previous client MAY act immediately on that Advertise message(s) message without
   waiting for use in constructing Request and
   Renew message(s).  Note that a client may request configuration
   information from one or more servers at any time. more additional Advertise messages.

   A DHCP client uses the Release message in the management of IAs when SHOULD choose MRC and MRD to be 0.  If the DHCP client has been instructed
   is configured with either MRC or MRD set to release the IA prior a value other than
   0, it MUST stop trying to configure the IA
   expiration time since it is no longer needed.

   A client uses interface if the Decline message when
   exchange fails.  After the DHCP client has determined
   through DAD or stops trying to configure the
   interface, it MAY choose to restart the reconfiguration process after
   some other method that one external event, such as user input, system restart, or more of when the addresses
   assigned by the server in the IA is already in use by a different
   client.

14.3.1. Creation and sending of Request messages

   If a
   client has no valid IPv6 addresses of sufficient scope is attached to
   communicate with a DHCP server, it may send a Request message to
   obtain new addresses. link.

15.1.3. Receipt of Advertise messages

   The client MUST ignore any Advertise message that includes one or more IAs in a Status
   Code option containing the
   Request message, to which value AddrUnavail, with the server assigns new addresses.  The
   server then returns IA(s) to exception that
   the client in a Reply message.

   The client sets MAY display the "msg-type" field associated status message to REQUEST, and places the link-local address user.

   Upon receipt of one or more valid Advertise messages, the interface it wishes to acquire
   configuration information for in the "client-link-local-address"
   field.

   The client generates a transaction ID inserts this value in
   selects one or more Advertise messages based upon the
   "transaction-ID" field.

   The client places following
   criteria.

    -  Those Advertise messages with the address highest server preference value
       are preferred over all other Advertise messages.

    -  Within a group of Advertise messages with the destination same server in the
   "server-address" field.

   The client adds
       preference value, a DUID option to identify itself client MAY select those servers whose
       Advertise messages advertise information of interest to the server.  The
       client.  For example, the client adds any other approppriate options, including one or more IA may choose a server that
       returned an advertisement with configuration options (if of interest
       to the client.

    -  The client is requesting MAY choose a less-preferred server if that the server assign it some
   network addresses).  The list has
       a better set of advertised parameters, such as the available
       addresses advertised in each included IA MUST
   be empty.  If the IAs.

   Once a client is not requesting that has selected Advertise message(s), the client will
   typically store information about each server, such as server assign it
   any addresses,
   preference value, addresses advertised, when the client omits advertisement was
   received, and so on.  Depending on the IA option.

   The client sends requirements of the Request message to user that
   invoked the All DHCP Agents
   multicast address, destination port 547.  The source port selection
   can be arbitrary, although it SHOULD be possible using a client, the client MAY initiate a configuration facility
   exchange with the server(s) immediately, or MAY defer this exchange
   until later.

   If the client needs to set a specific source port value.

   The select an alternate server will respond to in the Request message with case that a Reply
   message.  If no Reply message is received within REP_MSG_TIMEOUT
   milliseconds,
   chosen server does not respond, the client retransmits chooses the Request with next server
   according to the same
   transaction-ID, and doubles criteria given above.

15.2. Server Behavior

   A server sends an Advertise message in response to Solicit messages
   it receives to announce the REP_MSG_TIMEOUT value, and waits
   again.  The client continues this process until a Reply is received
   or REQUEST_MSG_ATTEMPTS unsuccessful attempts have been made, at
   which time availability of the client MUST abort server to the configuration attempt. client.

15.2.1. Receipt of Solicit messages

   The
   client SHOULD report server determines the abort status to information about the application layer.

   Default and initial values for REP_MSG_TIMEOUT client and REQ_MSG_ATTEMPTS
   are documented its
   location as described in section 7.5.

14.3.2. 12.  If administrative policy
   permits the server to respond to the client, the server will generate
   and send an Advertise message to the client.

15.2.2. Creation and sending transmission of Confirm Advertise messages

   Whenever a client may have moved

   The server sets the "msg-type" field to a new link, its IPv6 addresses
   may no longer be valid.  Examples ADVERTISE and copies the
   contents of times when a client may have
   moved to a new link include:

     o The client reboots

     o The client is physically disconnected from a wired connection

     o The client returns the transaction-ID field from sleep mode

     o The client using a wireless technology changes cells

   In any situation when a client may have moved to a new link, the
   client MUST initiate a Confirm/Reply Solicit message exchange.  The
   received from the client
   includes any IAs, along with to the addresses associated with those IAs,
   in its Confirm Advertise message.  Any responding servers will indicate the
   acceptability  The server places
   one of the its IP addresses with the status (determined through administrator setting)
   in the IA it returns
   to the client.

   The client sets the "msg-type" "server-address" field to CONFIRM, and places
   the link-local address of the interface it wishes Advertise message.  The server
   MAY add a Preference option to acquire
   configuration information carry the preference value for in the "client-link-local-address"
   field.
   Advertise message.

   The client generates server implementation SHOULD allow the setting of a transaction ID inserts this server
   preference value in the
   "transaction-ID" field.

   The client sets by the "server-address" field to 0. administrator.  The client adds a DUID option to identify itself server preference value
   MUST default to zero unless otherwise configured by the server. server
   administrator.

   The
   client adds any appropriate options, including one or more server MUST include IA options
   (if in the client is requesting Advertise message
   containing any addresses that would be assigned to IAs contained in
   the server confirm Solicit message from the validity of
   some network addresses). client.  If the Solicit message from the
   client does include any IA options,
   it included no IAs, the server MUST not include any IAs in the list of
   Advertise message.  If the server will not assign any addresses to
   IAs in a subsequent Request from the client currently has
   associated with that IA.

   The client sends client, the Confirm server MAY choose to
   send an Advertise message to the All DHCP Agents
   multicast address, destination port 547.  The source port selection
   can be arbitrary, although it SHOULD be possible using a client
   configuration facility to that includes only a status
   code option with the status code set to AddrUnavail and a specific source port value.

   Servers status
   message for the user.

   The server MAY include other options the server will respond return to the Confirm message with
   client in a subsequent Reply message.  If
   no Confirm message is received within REP_MSG_TIMEOUT milliseconds,  The information in these
   options will be used by the client retransmits the Confirm with the same transaction-ID,
   and doubles in the REP_MSG_TIMEOUT value, and waits again.  The client
   continues this process until selection of a Reply is received or QRY_MSG_ATTEMPTS
   unsuccessful attempts have been made, at which time server if
   the client MUST
   abort the configuration attempt. receives more than one Advertise message.  The client server
   SHOULD report the abort
   status to the application layer.

   Default and initial include options specifying values for REP_MSG_TIMEOUT and QRY_MSG_ATTEMPTS
   are documented in section 7.5.

   If options requested by the
   client receives no response to its Confirm message, it MAY
   restart in an Option Request Option included in the configuration process Solicit message.

   If the Solicit message was received directly by locating a DHCP the server, the
   server with an unicasts the Advertise message and sending a Request directly to that server, as described
   in section 14.3.1.

14.3.3. Creation and sending of Renew messages

   IPv6 addresses assigned to a client through an IA use the same
   preferred and valid lifetimes as IPv6 addresses obtained through
   stateless autoconfiguration.  The server assigns preferred and valid
   lifetimes to client using
   the IPv6 addresses it assigns to an IA. To extend those
   lifetimes, address in the client sends a Request to source address field from the server containing an
   "IA option" for IP datagram in
   which the IA and its associated addresses. Solicit message was received.  The server
   determines new lifetimes for Advertise message MUST
   be unicast through the addresses in interface on which the IA according to Solicit message was
   received.

   If the server's administrative configuration.  The server may also add
   new addresses to Solicit message was received in a Relay-forward message,
   the IA. The server remove addresses from constructs a Relay-reply message with the IA by
   setting Advertise
   message in the preferred and valid lifetimes payload of those addresses to zero. a "server-message" option.  The server controls the time at which the client contacts the server
   to extend the lifetimes on assigned addresses through
   unicasts the T1 and
   T2 parameters assigned Relay-reply message directly to an IA. If the server does not assign an
   explicit value to T1 or T2 for an IA, T1 defaults to 0.5 times relay agent using
   the
   shortest preferred lifetime of any address assigned to the IA and
   T2 defaults to 0.875 times in the shortest preferred lifetime of any source address assigned to field from the IA.

   At time T1 for an IA, IP datagram in which
   the Relay-forward message was received.

16. DHCP Client-Initiated Configuration Exchange

   A client initiates a Request/Reply message exchange with a server or servers to extend the lifetimes on any addresses in the IA.
   acquire or update configuration information of interest.  The client includes an IA option with all addresses currently assigned
   may initiate the configuration exchange as part of the operating
   system configuration process or when requested to do so by the IA in its Request message.  The
   application layer.

16.1. Client Behavior

   A client sends this Request message will use Request, Confirm, Renew and Rebind messages to
   acquire and confirm the All DHCP Agents multicast address. validity of configuration information.  The
   client sets uses the "msg-type" field to RENEW, server address information from previous Advertise
   message(s) for use in constructing Request and places Renew message(s).
   Note that a client may request configuration information from one or
   more servers at any time.

16.1.1. Creation and transmission of Request messages

   If the link-local client is using stateful address configuration and needs
   either an initial set of the interface addresses or additional addresses, it wishes
   MUST send a Request message to acquire obtain new addresses and other
   configuration information for information.  The client includes one or more IAs in
   the "client-link-local-address"
   field. Request message, to which the server assigns new addresses.  The
   server then returns IA(s) to the client in a Reply message.

   The client generates a transaction ID and inserts this value in the
   "transaction-ID" field.

   The client places the address of the destination server in the
   "server-address" field.

   The client adds MUST include a DUID option to identify itself to the
   server.  The client adds any other appropriate options, including
   one or more IA options (if the client is requesting that the server extend the lease on
   assign it some
   IAs; note that the client may check the status network addresses).  The list of other configuration
   parameters without asking for lease extensions). addresses in each
   included IA MUST be empty.  If the client does
   include any IA options, is not requesting that the
   server assign it MUST include any addresses, the list of addresses client omits the IA option.

   If the client currently has associated with a source address that IA.

   The client sends the Renew message to the All DHCP Agents multicast
   address, destination port 547.  The source port selection can be arbitrary, although it SHOULD be possible using a client
   configuration facility to set a specific source port value.

   The server will respond to used by the Renew message with server
   as a Reply message.
   If no Reply message is received within REP_MSG_TIMEOUT milliseconds,
   the client retransmits the Renew with the same transaction-ID, return address and
   doubles the REP_MSG_TIMEOUT value, and waits again.  The client
   continues this process until a Reply is has received or until time T2 is
   reached (see section 14.3.4).

   Default and initial values for REP_MSG_TIMEOUT are documented in
   section 7.5.

14.3.4. Creation and sending of Rebind messages

   At time T2 for an IA (which will only be reached if the server to
   which a Client Unicast
   option (section 20.11) from the Renew message was sent at time T1 has not responded), server, the client initiates a Rebind/Reply SHOULD unicast
   the Request message exchange.  The client
   includes an IA option with all addresses currently assigned to the IA
   in its Rebind message.  The server.  Otherwise, the client sends this MUST send
   the Request message to the All DHCP
   Agents All_DHCP_Agents multicast address.  The
   client sets the "msg-type" field to REBIND, and places
   the link-local MUST use an address of assigned to the interface it wishes to acquire for which the
   client is interested in obtaining configuration information for as the
   source address in the "client-link-local-address"
   field.

   The client generates a transaction ID inserts this value IP header of the datagram carrying the Request
   message.

   DISCUSSION:

      Use of multicast and relay agents enables the inclusion of
      relay agent options in all messages sent by the
   "transaction-ID" field. client.  The
      server should enable the use of unicast only when relay
      agent options will not be used.

   If the client sets multicasts the "server-address" field to 0.

   The client adds a DUID option to identify itself to the server.
   The client adds any appropriate options, including one or more IA
   options.  If the client does include any IA options (if the client is
   requesting that the server extend Request message, the lease message MUST be
   transmitted on some IAs; note that the client may check link that the status of other configuration parameters
   without asking interface for lease extensions), it MUST include the list of
   addresses the client currently has associated with that IA. which configuration
   information is being obtained is attached to.  The client sends SHOULD send
   the Rebind message to the All DHCP Agents multicast
   address, destination port 547. through that interface.  The source port selection can
   be arbitrary, although it SHOULD be possible using a client
   configuration facility to set a specific source port value.

   The server will respond to MAY send the Rebind message with a Reply message.
   If no Reply message is received within REP_MSG_TIMEOUT milliseconds,
   the client retransmits the Rebind with
   through another interface attached to the same transaction-ID, link if and
   doubles only if
   the REP_MSG_TIMEOUT value, and waits again.  The client
   continues this process until a Reply is received.

   Default and initial values for REP_MSG_TIMEOUT certain the the two interface are documented in
   section 7.5. attached to the same
   link.

   The client has several alternatives to choose from if it receives no
   response transmits the message according to its Rebind message.

    -  When section 13, using the lease on
   following parameters:

      IRT   REQ_TIMEOUT

      MRT   REQ_MAX_RT

      MRC   REQ_MAX_RC

      MRD   0

   If the IA expires, message exchange fails, the client may MAY choose to use a
       Solicit message to locate a new DHCP one of the
   following actions:

    -  Select another server and send from a Request
       for list of servers known to the expired IA to client;
       e.  g., servers that responded with an Advertise message

    -  Initiate the new server

    -  Some addresses discovery process described in section 15

    -  Terminate the IA may have lifetimes that extend beyond
       the lease configuration process and report failure

16.1.2. Creation and transmission of the IA, so the Confirm messages

   Whenever a client may choose to continue have moved to use
       those addresses; once all of the a new link, its IPv6 addresses have expired, the
   and other configuration information may no longer be valid.  Examples
   of times when a client may choose have moved to locate a new DHCP server

    - link include:

     o The client may have other addresses in other IAs, so the reboots

     o The client is physically disconnected from a wired connection

     o The client returns from sleep mode

     o The client using a wireless technology changes cells

   In any situation when a client may choose have moved to discard a new link, the expired IA and use
   client MUST initiate a Confirm/Reply message exchange.  The client
   includes any IAs, along with the addresses associated with those IAs,
   in its Confirm message.  Any responding servers will indicate the
       other IAs

14.3.5. Receipt
   acceptability of Reply message the addresses with the status in response to a Request, Confirm,
   Renew or Rebind message

   Upon the receipt of a valid Reply message in response
   it returns to a
   Request, Confirm, Renew or Rebind message, the client.

   The client extracts the
   configuration information contained in the Reply.  If sets the "status" "msg-type" field contains a non-zero value, the client reports the error status to the application layer. CONFIRM. The client records the T1 generates
   a transaction ID and T2 times for each IA inserts this value in the Reply
   message. "transaction-ID"
   field.

   The client records any addresses included with IAs in sets the Reply message.  The "server-address" field to 0.

   The client updates the preferred and valid
   lifetimes for the addresses in the IA from the lifetime information
   in MUST include a DUID option to identify itself to the IA option.
   server.  The client leaves adds any addresses that appropriate options, including one or
   more IA options (if the client
   has associated with the IA is requesting that are not included in the IA option
   unchanged.

   Management of the specific configuration information is detailed in server confirm
   the definition validity of each option, in section 18.

   When some IPv6 addresses).  If the client receives an Unavail error status in an does include
   any IA from options, it MUST include the
   server for a Request message list of addresses the client will have to find a new
   server to create an
   currently has associated with that IA.

   When the

   The client receives a NoBinding error status in an IA from sends the
   server for a Confirm message to the All_DHCP_Agents
   multicast address.  The client can assume it needs to send a
   Request to reestablish MUST use an IA with IPv6 address assigned
   to the server.

   When interface for which the client receives a Conf_NoMatch error status is interested in an IA from obtaining
   configuration information as the server for a source address in the IP header of
   the datagram carrying the Confirm message.

   The Confirm message MUST be transmitted on the link that the
   interface for which configuration information is being obtained
   is attached to.  The client can SHOULD send a Renew the message
   to through that
   interface.  The client MAY send the server message through another interface
   attached to extend the lease for the addresses.

   When same link if and only if the client receives a NoBinding error status in an IA from is certain the
   server for a Renew message
   the client can assume it needs two interface are attached to send a
   Request the same link.

   The client transmits the message according to reestablish an IA with section 13, using the server.

   When
   following parameters:

      IRT   CNF_TIMEOUT

      MRT   CNF_MAX_RT

      MRC   0

      MRD   CNF_MAX_RD

   If the client receives a Renw_NoMatch error status in an IA from no responses before the server for a Renew message transmission
   process as described in section 13 terminates, the client can assume it needs to send
   a Request SHOULD
   continue to reestablish an IA with the server.

   When use any IP addresses, using the last known lifetimes for
   those addresses, and SHOULD continue to use any other previously
   obtained configuration parameters.

16.1.3. Creation and transmission of Renew messages

   IPv6 addresses assigned to a client receives an Unavail error status in through an IA from use the same
   preferred and valid lifetimes as IPv6 addresses obtained through
   stateless address autoconfiguration.  The server for a Renew message assigns preferred
   and valid lifetimes to the client can assume IPv6 addresses it needs to send a
   Request assigns to reestablish an IA with the server.

   When IA. To
   extend those lifetimes, the client receives sends a NoBinding error status in an IA from Renew message to the
   server containing an "IA option" for a Rebind message the client can assume it needs to send a
   Request to reestablish an IA with the and its associated
   addresses.  The server or try another server.

   When determines new lifetimes for the client receives a Rebd_NoMatch error status addresses in an
   the IA from according to the server for a Rebind message administrative configuration of the client can assume it needs to
   send a Request server.
   The server may also add new addresses to reestablish an IA with the IA. The server or try another
   server.

   When may
   remove addresses from the client receives an Unavail error status in an IA from by setting the
   server for a Rebind message preferred and valid
   lifetimes of those addresses to zero.

   The server controls the time at which the client can assume it needs contacts the server
   to send a
   Request extend the lifetimes on assigned addresses through the T1 and
   T2 parameters assigned to reestablish an IA with IA. If the server does not assign an
   explicit value to T1 or try another server.

14.3.6. Creation and sending of Release messages

   The client sets T2 for an IA, T1 defaults to 0.5 times the "msg-type" field
   shortest preferred lifetime of any address assigned to RELEASE, the IA and places
   T2 defaults to 0.875 times the
   link-local address shortest preferred lifetime of any
   address assigned to the interface associated with IA.

   At time T1 for an IA, the configuration
   information it wishes client initiates a Renew/Reply message
   exchange to release extend the lifetimes on any addresses in the "client-link-local-address"
   field. IA. The
   client includes an IA option with all addresses currently assigned to
   the IA in its Renew message.

   The client sets the "msg-type" field to RENEW. The client generates a
   transaction ID and places inserts this value in the "transaction-ID" field.

   The client places the IP address of the destination server that allocated the
   address(es) in the
   "server-address" field.

   The client adds MUST include a DUID option to identify itself to the
   server.  The client includes adds any appropriate options, including one or
   more IA options containing (if the IAs it client is releasing in requesting that the
   "options" field.  The addresses to be released MUST be included in server extend
   the IAs.  The appropriate "status" field in lease on some IAs; note that the options MUST be set
   to indicate client may check the reason status of
   other configuration parameters without asking for the release. lease extensions).
   If the client is configured to use authentication, does include any IA options, it MUST include the client
   generates list
   of addresses the appropriate authentication option, and adds this option
   to the "options" field.  Note client currently has associated with that IA.

   If the authentication option MUST client has a source address that can be used by the last server as
   a return address and the client has received a Client Unicast option in
   (section 20.11) from the "options" field.  See section  18.9 for more
   details about server, the client SHOULD unicast the Renew
   message to the server.  Otherwise, the authentication option.

   The client sends the Release Renew message
   to the All DHCP Agents All_DHCP_Agents multicast address.

14.3.7. Time out and retransmission of Release Messages

   A  The client MAY choose MUST use an
   address assigned to wait the interface for a Reply message from which the server client is interested
   in
   response to obtaining configuration information as the Release message.  If source address in the client does wait for a
   Reply,
   IP header of the client MAY choose to retransmit datagram carrying the Release Renew message.

   If no Reply the Renew message is received within REP_MSG_TIMEOUT milliseconds,
   the client retransmits multicast, it MUST be transmitted on the Release, doubles
   link that the REP_MSG_TIMEOUT
   value, and waits again.  The client continues this process until a
   Reply is received or REL_MSG_ATTEMPTS unsuccessful attempts have been
   made, at interface for which time the configuration information is being
   obtained is attached to.  The client SHOULD abort send the release attempt. message through
   that interface.  The client SHOULD return MAY send the abort status message through another
   interface attached to the application, same link if an
   application initiated the release.

   Default and initial values for REP_MSG_TIMEOUT and REL_MSG_ATTEMPTS
   are documented in section 7.5.

   Note that only if the client fails to release is
   certain the IA, the addresses
   assigned two interface are attached to the IA will be reclaimed by the server when same link.

   The client transmits the lease
   associated with it expires.

14.3.8. Receipt of Reply message in response according to a Release message

   Upon receipt of a valid Reply message, the client can consider the
   Release event successful, and SHOULD return section 13, using the successful status to
   following parameters:

      IRT   REN_TIMEOUT
      MRT   REP_MAX_RT

      MRC   0

      MRD   0

   The mechanism in section 13 is modified as follows for use in the application layer, if an application initiated
   transmission of Renew messages.  The message exchange is terminated
   when time T2 is reached (see section 16.1.4), at which time the release.

14.3.9.
   client begins a Rebind message exchange.

16.1.4. Creation and sending transmission of Decline Rebind messages

   The client sets

   At time T2 for an IA (which will only be reached if the "msg-type" field server to DECLINE, and places
   which the
   link-local address of Renew message was sent at time T1 has not responded),
   the interface associated client initiates a Rebind/Reply message exchange.  The client
   includes an IA option with the configuration
   information it wishes all addresses currently assigned to decline the
   IA in its Rebind message.  The client sends this message to the "client-link-local-address"
   field.
   All_DHCP_Agents multicast address.

   The client sets the "msg-type" field to REBIND. The client generates
   a transaction ID and places inserts this value in the "transaction-ID" field.

   The client places the IP address of the server that allocated the
   address(es) in sets the "server-address" field. field to 0.

   The client adds MUST include a DUID option to identify itself to the
   server.  The client includes options containing the IAs it is declining in the
   "options" field.  The addresses to be released MUST be included in
   the IAs.  The adds any appropriate "status" field in the options MUST be set
   to indicate the reason for declining the address. options, including one or
   more IA options.  If the client is configured to use authentication, does include any IA options (if the
   client
   generates is requesting that the appropriate authentication option, and adds this option
   to server extend the "options" field.  Note lease on some IAs;
   note that the authentication option MUST be client may check the last option in the "options" field.  See section  18.9 status of other configuration
   parameters without asking for more
   details about lease extensions), it MUST include the authentication option.
   list of addresses the client currently has associated with that IA.

   The client send sends the Decline Rebind message to the All DHCP Agents All_DHCP_Agents
   multicast address.

14.3.10. Time out and retransmission  The client MUST use an IPv6 address assigned
   to the interface for which the client is interested in obtaining
   configuration information as the source address in the IP header of Decline Messages

   If no Reply
   the datagram carrying the Rebind message.

   The Rebind message MUST be transmitted on the link that the interface
   for which configuration information is received within REP_MSG_TIMEOUT milliseconds, being obtained is attached
   to.  The client SHOULD send the message through that interface.  The
   client retransmits MAY send the Decline, doubles message through another interface attached to the REP_MSG_TIMEOUT
   value,
   same link if and waits again.  The only if the client continues this process until a
   Reply is received or REL_MSG_ATTEMPTS unsuccessful attempts have
   been made, at which time certain the client SHOULD abort the attempt two interface
   are attached to
   decline the address. same link.

   The client SHOULD return transmits the abort status message according to section 13, using the application, if an application initiated the release.

   Default and initial values for REP_MSG_TIMEOUT and REL_MSG_ATTEMPTS
   are documented
   following parameters:

      IRT   REB_TIMEOUT

      MRT   REB_MAX_RT
      MRC   0

      MRD   0

   The mechanism in section 7.5.

14.3.11. Receipt of Reply message 13 is modified as follows for use in response to a Release message

   Upon receipt the
   transmission of a valid Reply message, Rebind messages.  The message exchange is terminated
   when the client can consider lease for the
   Release event successful, and SHOULD return IA expires (see section 11), at which time the successful status
   client has several alternative actions to choose from:

    -  When the application layer, if an application initiated lease on the release.

14.4. Server Behavior

   For this discussion, IA expires, the Server is assumed to have been configured in
   an implementation specific manner with configuration of interest client may choose to
   clients.

14.4.1. Receipt of Request messages

   Upon the receipt of use a valid Request
       Solicit message from to locate a client the server
   can respond to, (implementation-specific administrative policy
   satisfied) the server scans the options field.

   The new DHCP server then constructs a Reply message and sends it to the
   client.

   The server SHOULD process each option for the client in an
   implementation-specific manner.  The server MUST construct send a Reply
   message containing the following values:

      msg-type                    REPLY

      preference                  Enter the server's preference to
                                  provide services to the client.

      transaction-ID              Enter the transaction-ID from the
                                  Request message.

      client-link-local address   Enter the client-link-local address
                                  from the Request message.

      server address              Enter the IP address of the server.

   When
       for the server receives a Request and expired IA option is included the
   client is requesting to the configuration of a new IA by the server.
   The server MUST take

    -  Some addresses in the clients IA and associate a binding for may have lifetimes that
   client in an implementation-specific manner within extend beyond
       the server's
   configuration parameter database for DHCP clients.

   If lease of the server cannot provide addresses to IA, so the client it SHOULD send
   back an empty IA may choose to continue to use
       those addresses; once all of the client with addresses have expired, the status field set
       client may choose to Unavail.

   If the locate a new DHCP server can provide

    -  The client may have other addresses to in other IAs, so the client it MUST send back
   the IA
       may choose to discard the client with all fields entered expired IA and a status of Success,
   and add use the IA as a new client binding.

   The server adds options to addresses in the Reply message for any
       other
   configuration information to be assigned to the client.

14.4.2. IAs

16.1.5. Receipt of Confirm messages Reply message in response to a Request, Confirm,
   Renew or Rebind message

   Upon the receipt of a valid Confirm Reply message from in response to a client
   Request, Confirm, Renew or Rebind message, the server
   can respond to, (implementation-specific administrative policy
   satisfied) client extracts the server scans
   configuration information contained in the options field. Reply.  The server then constructs a Reply message and sends it client MAY
   choose to report any status code or message from the
   client. status code
   option in the Reply message.

   The server client SHOULD process perform duplicate address detection [20] on each option for of
   the client addresses in any IAs it receives in an
   implementation-specific manner.  The server MUST construct a Reply
   message containing the following values:

      msg-type                    REPLY

      preference                  Enter Reply message.  If any of
   the server's preference to
                                  provide services addresses are found to be in use on the client.

      transaction-ID              Enter the transaction-ID from the
                                  Confirm message.

      client-link-local address   Enter link, the client-link-local address
                                  from client sends a
   Decline message to the Confirm message. server address              Enter the server's address.

   When as described in section 16.1.8.

   The client records the server receives a Confirm T1 and an T2 times for each IA option is included in the Reply
   message.  The client is requesting confirmation that the records any addresses included with IAs in
   the IA are
   valid. Reply message.  The server SHOULD locate client updates the clients binding preferred and verify valid
   lifetimes for the
   information addresses in the IA from the client matches the lifetime information stored
   for that client.

   If
   in the server cannot find a client entry for this IA option.  The client leaves any addresses that the server
   SHOULD return an empty IA client
   has associated with status set to NoBinding.

   If the server finds IA that are not included in the information for IA option
   unchanged.

   Management of the client does not
   match what specific configuration information is detailed in
   the server's records for that client definition of each option, in section 20.

   When the server
   should send back client receives a NoPrefixMatch status in an empty IA with status set to Conf_NoMatch.

   If from the
   server finds the client can assume it needs to send a match Request to the Confirm then the server should
   send back the IA
   to obtain appropriate addresses for the IA. If the client with status set to success.

14.4.3. Receipt of Renew receives
   any Reply messages

   Upon the receipt of a valid Renew message from that do not indicate a client NoPrefixMatch status, the server
   client can respond to, (implementation-specific administrative policy
   satisfied) use the server scans addresses in the IA and ignore any messages that
   do indicate a NoPrefixMatch status.

   When the client receives an AddrUnavail status in an IA from the options field.

   The
   server then constructs for a Reply Request message and sends it to the
   client.

   The client will have to find a new
   server SHOULD process each option for to create an IA.

   When the client receives a NoBinding status status in an
   implementation-specific manner.  The IA from the
   server MUST construct for a Reply Confirm message containing the following values:

      msg-type                    REPLY

      preference                  Enter the server's preference client can assume it needs to
                                  provide services send a
   Request to reestablish an IA with the client.

      transaction-ID              Enter server.

   When the transaction-ID client receives a ConfNoMatch status in an IA from the
   server for a Confirm message.

      client-link-local address   Enter message the client-link-local address
                                  from client can send a Renew message to
   the Confirm message. server address              Enter to extend the server's address. lease for the addresses.

   When the server client receives a Renew and NoBinding status in an IA option from the server
   for a Renew message the client can assume it
   SHOULD locate needs to send a Request
   to reestablish an IA with the clients binding and verify server.

   When the information client receives a RenwNoMatch status in the an IA from the client matches the information stored for that client.

   If the
   server cannot find a client entry for this IA a Renew message the server
   SHOULD return client can assume it needs to send a
   Request to reestablish an empty IA with status set to NoBinding.

   If the server finds that server.

   When the addresses client receives an AddrUnavail status in the an IA from the
   server for a Renew message the client do
   not match the clients binding the server should return can assume it needs to send a
   Request to reestablish an empty IA with the server.

   When the client receives a NoBinding status set to Renw_NoMatch.

   If in an IA from the server cannot Renew addresses
   for a Rebind message the client can assume it SHOULD needs to send
   back a Request
   to reestablish an empty IA to the client with the status field set to Unavail.

   If the server finds or try another server.

   When the addresses client receives a RebdNoMatch status in the an IA from the
   server for a Rebind message the client then the
   server SHOULD can assume it needs to send back the IA a
   Request to the client reestablish an IA with new lease times
   and T1/T2 times if the default is not being used, and set server or try another server.

   When the client receives an AddrUnavail status to
   Success.

14.4.4. Receipt of Rebind messages

   Upon in an IA from the receipt of
   server for a valid Rebind message from a the client can assume it needs to send a
   Request to reestablish an IA with the server
   can respond to, (implementation-specific administrative policy
   satisfied) the server scans or try another server.

16.1.6. Creation and transmission of Release messages

   The client sets the options field. "msg-type" field to RELEASE. The server then constructs client generates
   a Reply message transaction ID and sends it to places this value in the
   client. "transaction-ID" field.

   The client places the IP address of the server SHOULD process each option for that allocated the client
   address(es) in an
   implementation-specific manner. the "server-address" field.

   The server client MUST construct include a Reply
   message DUID option to identify itself to the
   server.  The client includes options containing the following values:

      msg-type                    REPLY

      preference                  Enter IAs it is
   releasing in the server's preference "options" field.  The addresses to
                                  provide services be released
   MUST be included in the IAs.  The appropriate "status" field in the
   options MUST be set to indicate the client.

      transaction-ID              Enter reason for the transaction-ID from release.

   The client MUST NOT use any of the
                                  Confirm message.

      client-link-local address   Enter addresses in the IAs in the
   message as the client-link-local source address
                                  from in the Confirm Release message or in any
   subsequently transmitted message.

      server address              Enter

   If the server's address.

   When client has a source address that can be used by the server receives
   as a Rebind return address and IA the client has received a Client Unicast
   option (section 20.11) from a the server, the client it SHOULD locate the clients binding and verify unicast the information in
   Release message to the
   IA from server.  Otherwise, the client matches MUST send the information stored for that client.

   If
   Release message to the server cannot find a All_DHCP_Agents multicast address.  The client entry
   MUST use an address for this IA the server
   SHOULD return an empty IA with status set interface to NoBinding.

   If the server finds that which the addresses IAs in the IA Release
   message are assigned as the source address for the client do
   not match Release message.

   DISCUSSION:

      Use of multicast and relay agents enables the clients binding inclusion of
      relay agent options in all messages sent by the client.  The
      server should return an empty IA
   with status set to Rebd_NoMatch. enable the use of unicast only when relay
      agent options will not be used.

   If the server cannot Rebind addresses for Release message is multicast, it MUST be transmitted on the
   link that the interface for which configuration information is being
   obtained is attached to.  The client it SHOULD send
   back an empty IA to the message through
   that interface.  The client with MAY send the status field set message through another
   interface attached to Unavail.

   If the server finds the addresses in the IA for same link if and only if the client then is
   certain the
   server SHOULD send back the IA two interface are attached to the same link.

   A client with new lease times
   and T1/T2 times if the default is not being used, and set status MAY choose to
   Success.

   DISCUSSION:

      There is wait for a significant difference between Renew and Rebind
      messages:  Because the Rebind Reply message is processed by a
      single server, from the respnding server can actually change the
      addresses in the IA. However, because multiple servers may
      repsond
   response to a Rebind, all they can safely do is update T1, T2
      (for the IA) and lifetimes (for individual addresses).

14.4.5. Receipt of Release messages

   Upon message.  If the receipt of client does wait for a valid Release message,
   Reply, the server examines client MAY choose to retransmit the
   IAs and Release message.

   The client transmits the addresses in message according to section 13, using the IAs for validity.  If
   following parameters:

      IRT   REL_TIMEOUT

      MRT   0

      MRC   REL_MAX_MRC

      MRD   0

   The client MUST abandon the IAs in attempt to release addresses if the
   Release message are in a binding for the exchange fails.

   The client and MUST stop using all of the addresses in the IAs
   have been assigned by IA(s) being
   released as soon as the server to those IA, client begins the server deletes Release message exchange
   process.  If an IA is released but the addresses Reply from a DHCP server
   is lost, the IAs client will retransmit the Release message, and makes the addresses available for
   assignment to other clients.

   The
   server then generates may respond with a Reply message.  If all indicating a status of "Nobinding".
   Therefore, the IAs were
   valid and client does not treat a Reply message with a status
   of "Nobinding" in a Release message exchange as if it indicates an
   error.

   Note that if the client fails to release the IA, the addresses successfully released,,
   assigned to the IA will be reclaimed by the server sets when the
   "status" field lease
   associated with it expires.

16.1.7. Receipt of Reply message in response to "Success".  If any a Release message

   Upon receipt of a valid Reply message, the IAs were invalid or if
   any of client can consider the addresses were not successfully released,
   Release event successful, and SHOULD return the server
   releases none of successful status to
   the addresses in application layer, if an application initiated the message release.

16.1.8. Creation and transmission of Decline messages

   The client sets the "status" "msg-type" field to "NoBinding"(section 7.4).

   If DECLINE. The client generates
   a transaction ID and places this value in the "transaction-ID" field.

   The client successfully releases some but not all places the IP address of the addresses server that allocated the
   address(es) in an IA, the IA continues "server-address" field.

   The client MUST include a DUID option to identify itself to exist and holds the remaining,
   unreleased addresses.

   A
   server.  The client can send an option includes options containing an IA with no listed the IAs it is
   declining in the "options" field.  The addresses to release implicitly all of be released
   MUST be included in the addresses IAs.  The appropriate "status" field in the IA.

   A server is not required to (but may choose
   options MUST be set to as an implementation
   strategy) retain any record of an IA from which all of the addresses
   have been released.

14.4.6. Sending of Reply messages

   If indicate the Request, Confirm, Renew, Rebind or Release message from reason for declining the address.

   The client was originally received by MUST NOT use any of the server, addresses in the server
   unicasts IAs in the Reply
   message to as the link-local source address in the
   "client-link-local-address" field. Decline message or in any
   subsequently transmitted message.

   If the message was originally client has a source address that can be used by the server
   as a return address and the client has received in a Forward-request or
   Forward-release message Client Unicast
   option (section 20.11) from a relay, the server places server, the Reply
   message in client SHOULD unicast the options field of a Response-reply
   Decline message and unicasts to the server.  Otherwise, the client MUST send the
   Decline message to the relay's All_DHCP_Agents multicast address.  The client
   MUST use an IPv6 address from for the original message.

15. DHCP Server-Initiated Configuration Exchange

   A server initiates a configuration exchange to force DHCP clients interface to obtain new addresses and other configuration information.  For
   example, an administrator may use a server-initiated configuration
   exchange when links which the IAs in the DHCP domain
   Release message are to be renumbered.  Other
   examples include changes in assigned as the location of directory servers,
   addition source address for the Decline
   message.

   DISCUSSION:

      Use of new services such as printing, multicast and availability relay agents enables the inclusion of new
   software (system or application).

15.1. Reconfigure-init Message Validation

   Agents MUST silently discard any received Reconfigure-init messages.

   Clients MUST discard any Reconfigure-init
      relay agent options in all messages that do
   not contain an authentication option or that fail sent by the client's
   authentication check.

15.2. Server Behavior

   A client.  The
      server sends a Reconfigure-init message to cause a client to
   initiate immediately a Request/Reply message exchange with should enable the
   server.

15.2.1. Creation and sending use of Reconfigure-init messages

   The server sets unicast only when relay
      agent options will not be used.

   If the "msg-type" field to RECONFIG-INIT. The server
   generates a transaction-ID and inserts Decline message is multicast, it in MUST be transmitted on the "transaction-ID"
   field.
   link that the interface for which configuration information is being
   obtained is attached to.  The server places its address (of appropriate scope) in client SHOULD send the
   "server-address" field. message through
   that interface.  The server client MAY include an ORO option to inform send the client of what
   information has been changed or new information that has been added.
   In particular, message through another
   interface attached to the server specifies same link if and only if the IA option in client is
   certain the ORO if the
   server wants two interface are attached to the same link.

   The client transmits the message according to obtain new address information. section 13, using the
   following parameters:

      IRT   DEC_TIMEOUT

      MRT   DEC_MAX_RT

      MRC   DEC_MAX_RC

      MRD   0

   The server client MUST include an authentication option with the appropriate
   settings and add that option as abandon the last option in attempt to decline addresses if the "options"
   field
   Decline message exchange fails.

16.1.9. Receipt of the Reconfigure-init message.

   The server MUST NOT include any other options Reply message in response to a Decline message

   Upon receipt of a valid Reply message, the Reconfigure-init
   except as specifically allowed in client can consider the definition of individual
   options.

   The server unicasts
   Decline event successful.

16.2. Server Behavior

   For this discussion, the Reconfigure-init message Server is assumed to one client. have been configured in
   an implementation specific manner with configuration of interest to
   clients.

16.2.1. Receipt of Request messages

   The server may unicast Reconfigure-init messages to more than one client
   concurrently; for example, MAY choose to reliably reconfigure all known clients,
   the server will discard Request messages received via
   unicast from a Reconfigure-init message client to each client.

   After which the server sends the Reconfigure-init message, it waits for a
   Request message from those clients confirming that each client has
   received the Reconfigure-init and are thus initiating not sent a Request/Reply
   transaction with unicast
   option.

   Upon the server.

15.2.2. Time out and retransmission receipt of Reconfigure-init messages

   If the server does not receive a valid Request message from the a client
   in RECREP_MSG_TIMEOUT milliseconds, the server retransmits the Reconfigure-init message, doubles the RECREP_MSG_TIMEOUT
   value and waits again.  The server continues this process until
   REC_MSG_ATTEMPTS unsuccessful attempts have been made, at which point
   can respond to, (implementation-specific administrative policy
   satisfied) the server SHOULD abort scans the reconfigure process.

   Default and initial values for RECREP_MSG_TIMEOUT and
   REC_MSG_ATTEMPTS are documented in section 7.5.

15.2.3. Receipt of Request messages options field.

   The server generates then constructs a Reply message and sends Reply message(s) it to the client as
   described in section 14.4.6, including in the "options" field new
   values
   client.

   The server SHOULD process each option for configuration parameters.

   It is possible that the client may send in an
   implementation-specific manner.  The server MUST construct a Request Reply
   message after containing the
   server has sent a Reconfigure-init but before following values:

      msg-type         REPLY

      transaction-ID   The transaction-ID from the Reconfigure-init is
   received by the client.  In this case, the client's Request message
   may not include all message.

      server address   One of the IAs and requests for parameters IP addresses assigned to be
   reconfigured by the server.  To accommodate this scenario, interface
                       through which the server
   MAY choose to send a Reply with the IAs and other parameters to
   be reconfigured, even if those IAs and parameters were not in received the
   Request message
                       from the client.

15.3. Client Behavior

   A client MUST always monitor UDP port 546 for Reconfigure-init
   messages on interfaces upon which it has acquired DHCP parameters.
   Since

   When the results of server receives a reconfiguration event may affect application
   layer programs, Request and IA option is included the
   client SHOULD log these events, and MAY notify
   these programs of is requesting the change through an implementation-specific
   interface.

15.3.1. Receipt of Reconfigure-init messages

   Upon receipt configuration of a valid Reconfigure-init message, new IA by the server.
   The server MUST take the IA from the client
   initiates and associate a Request/Reply transaction with binding
   for that client in an implementation-specific manner within the
   configuration parameter database for DHCP clients managed by the
   server.  While

   If the Request/Reply transaction is in progress, server finds that the client silently
   discards prefix on one or more IP addresses in
   any Reconfigure-init messages it receives.

   DISCUSSION:

      The Reconfigure-init message acts as a trigger that signals IA in the client to complete a successful Request/Reply message
      exchange.  Once fro the client has received is not a Recongfigure-init, valid prefix for the
   link to which the client proceeds with is connected, the Request/Reply message
      exchange (retransmitting server MUST return the Request if necessary); IA
   to the client ignores any additional Reconfigure-init messages
      (regardless of the transaction ID in with the Reconfigure-init
      message) until status field set to NoPrefixMatch.

   If the Request/Reply exchange is complete.
      Subsequent Reconfigure-init messages (again independent
      of the transaction ID) cause server cannot provide addresses to the client it SHOULD
   send back an empty IA to initiate a new
      Request/Reply exchange.

      How does this mechanism work in the face of duplicated
      or retransmitted Reconfigure-init messages?  Duplicate
      messages will be ignored because the client will begin
      the Request/Reply exchange after the receipt of the
      first Reconfigure-init.  Retransmitted messages will
      either trigger the Request/Reply exchange (if with the first
      Reconfigure-init was not received by status field set to
   AddrUnavail.

   If the client) or will
      be ignored.  The server can discontinue retransmission of
      Reconfigure-init messages provide addresses to the client once the server
      receives it MUST send back
   the client's Request.

      It might be possible for a duplicate or retransmitted
      Reconfigure-init to be sufficiently delayed (and
      delivered out of order) IA to arrive at the client after
      the Request/Reply exchange (initiated by the original
      Reconfigure-init) has been completed.  In this case, the
      client would initiate with all fields entered and a redundant Request/Reply exchange.
      The likelihood status of delayed Success,
   and out of order delivery is small
      enough to be ignored.  The consequence of add the redundant
      exchange is inefficiency rather than incorrect operation.

15.3.2. Creation and sending of Request messages

   When responding to IA as a Reconfigure-init, the new client creates and
   sends the Request message in exactly the same manner as outlined in
   section 14.3.1 with the following difference:

      IAs binding.

   The client includes IA server adds options containing the addresses to the
            client currently has Reply message for any other
   configuration information to be assigned to those IAs for the interface
            through which client.

16.2.2. Receipt of Confirm messages

   Upon the Reconfigure-init receipt of a valid Confirm message was received.

15.3.3. Time out and retransmission of Request messages

   The from a client uses the same variables server
   can respond to, (implementation-specific administrative policy
   satisfied) the server scans the options field.

   The server then constructs a Reply message and retransmission algorithm as sends it
   does with Request messages generated as part of a client-initiated
   configuration exchange.  See section 14.3.1 to the
   client.

   The server SHOULD process each option for details.

15.3.4. Receipt of Reply messages

   Upon the receipt of client in an
   implementation-specific manner.  The server MUST construct a valid Reply message,
   message containing the client extracts following values:

      msg-type         REPLY

      transaction-ID   The transaction-ID from the
   contents Confirm message.

      server address   One of the "options" field, and sets (or resets) configuration
   parameters appropriately.  The client records and updates the
   lifetimes for any IP addresses specified in IAs in the Reply message.
   If assigned to the configuration parameters changed were requested by interface
                       through which the
   application layer, server received the client notifies message
                       from the application layer of client.

   When the
   changes using an implementation-specific interface.

   As discussed in section 15.2.3, server receives a Confirm message, the Reply from client is requesting
   confirmation that the configuration information it will use is valid.
   The server may include
   IAs and parameters SHOULD locate the binding for that were not included client and compare the
   information in the Request Confirm message from the client.  The client MUST configure itself to the information
   associated with all of that client.

   If the IAs and
   parameters server cannot determine if the information in the Reply from Confirm
   message is valid or invalid, the server.

16. Relay Behavior server MUST NOT send a reply to the
   client.  For this discussion, example, if the Relay may be configured to use a list of server destination addresses, which may include unicast addresses,
   the All DHCP Servers multicast address, or other multicast addresses
   selected by the network administrator.  If the Relay has does not been
   explicitly configured, it will use the All DHCP Servers multicast
   address as the default.

16.1. Relaying of client messages

   When a Relay receives a valid client message, it constructs have a Relay-forward message.  The relay places an address from binding for the interface on which
   client, but the client message was received configuration information in the
   "relay-address" field and the prefix length for that address in Confirm message
   appears valid, the
   "prefix-length" field.  This address will be used by server does not reply.

   If the server to
   identify finds that the link to which information for the client does not
   match what is connected and will be used
   by in the relay to forward binding for that client or the Advertise message from configuration
   information is not valid, the server back to
   the client.

   The relay constructs sends a "client-message" Reply message containing
   a Status Code option 18.5 with the value ConfNoMatch.

   If the server finds that contains the entire message from information for the client does match
   the information in the data field of binding for that client, and the
   option.  The relay places configuration
   information is still valid, the "relay-message" server sends a Reply message
   containing a Status Code option along with any
   "relay-specific" options in the options field of the Relay-forward
   message. value Success.

   The Relay then sends the Relay-forward Reply message to from the list
   of server destination addresses that it has been configured with.

16.2. Relaying MUST contain a Status Code option
   and MUST NOT include any other options.

16.2.3. Receipt of Renew messages

   The server MAY choose to discard Renew messages

   When the relay receives received via unicast
   from a Relay-reply message, it extracts client to which the server has not sent a unicast option.

   Upon the receipt of a valid Renew message from a client the "server-message" option and forwards server
   can respond to, (implementation-specific administrative policy
   satisfied) the server scans the options field.

   The server then constructs a Reply message and sends it to the address in
   client.

   The server SHOULD process each option for the client-link-local-address field client in the server
   message. an
   implementation-specific manner.  The relay forwards the server MUST construct a Reply
   message through the interface
   identified in containing the "relay-address" field in following values:

      msg-type         REPLY

      transaction-ID   The transaction-ID from the Relay-reply Confirm message.

17. Authentication of DHCP messages

   Some network administrators may wish to provide authentication

      server address   One of the source and contents of DHCP messages.  For example, clients may
   be subject IP addresses assigned to denial of service attacks through the use of bogus
   DHCP servers, or may simply be misconfigured due to unintentionally
   instantiated DHCP servers.  Network administrators may wish to
   constrain interface
                       through which the allocation of addresses to authorized hosts to avoid
   denial of service attacks in "hostile" environments where server received the network
   medium is not physically secured, such as wireless networks or
   college residence halls.

   Because of message
                       from the risk of denial of service attacks against DHCP
   clients, client.

   When the use of authentication is mandated in Reconfigure-init
   messages.  A DHCP server MUST include an authentication receives a Renew and IA option from a client it
   SHOULD locate the clients binding and verify the information in
   Reconfigure-init messages sent to clients.

   The DHCP authentication mechanism is based on the design of
   authentication for DHCP
   IA from the client matches the information stored for IPv4 [8].

17.1. DHCP threat model

   The threat to DHCP is inherently an insider threat (assuming that client.

   If the server cannot find a
   properly configured network where DHCPv6 ports are blocked on client entry for this IA the enterprise's perimeter gateways.)  Regardless of server
   SHOULD return an empty IA with status set to NoBinding.

   If the gateway
   configuration, however, server finds that the potential attacks by insiders and
   outsiders are addresses in the IA for the same.

   The attack specific to a DHCP client is do
   not match the possibility of clients binding the
   establishment of a "rogue" server should return an empty IA
   with the intent of providing
   incorrect configuration information status set to RenwNoMatch.

   If the client.  The motivation server cannot Renew addresses for doing so may be to establish a "man in the middle" attack or client it
   may be for a "denial of service" attack.

   There is another threat SHOULD
   send back an empty IA to DHCP clients from mistakenly or
   accidentally configured DHCP servers that answer DHCP the client requests with unintentionally incorrect configuration parameters.

   The threat specific the status field set to a DHCP
   AddrUnavail.

   If the server is an invalid client
   masquerading as a valid client.  The motivation for this may be for
   "theft of service", or to circumvent auditing finds the addresses in the IA for any number of
   nefarious purposes.

   The threat common the client then the
   server SHOULD send back the IA to both the client with new lease times
   and T1/T2 times if the server default is the resource
   "denial not being used, and set status to
   Success.

16.2.4. Receipt of service" (DoS) attack.  These attacks typically involve Rebind messages

   Upon the exhaustion receipt of a valid addresses, or Rebind message from a client the exhaustion of CPU or
   network bandwidth, and are present anytime there is a shared
   resource.  In current practice, redundancy mitigates DoS attacks the
   best.

17.2. Summary of DHCP authentication

   Authentication of DHCP messages is accomplished through server
   can respond to, (implementation-specific administrative policy
   satisfied) the use of server scans the Authentication option. options field.

   The authentication information carried
   in the Authentication option can be used to reliably identify the
   source of server then constructs a DHCP Reply message and sends it to confirm that the contents of the DHCP
   message have not been tampered with.
   client.

   The Authentication server SHOULD process each option provides a framework for multiple
   authentication protocols.  Two such protocols are defined here.
   Other protocols defined in the future will be specified client in separate
   documents. an
   implementation-specific manner.  The protocol field in server MUST construct a Reply
   message containing the Authentication option identifies following values:

      msg-type         REPLY

      transaction-ID   The transaction-ID from the
   specific protocol used to generate Confirm message.

      server address   One of the authentication information
   carried in IP addresses assigned to the option.  The algorithm field identifies a specific
   algorithm within interface
                       through which the authentication protocol; for example, server received the
   algorithm field specifies message
                       from the hash algorithm used to generate client.

   When the
   message authentication code (MAC) in server receives a Rebind and IA option from a client it
   SHOULD locate the authentication option.  The
   replay detection method (RDM) field specifies clients binding and verify the type of replay
   detection used information in the replay detection field.

17.3. Replay detection

   The Replay Detection Method (RDM) field determines
   IA from the type of replay
   detection used in client matches the Replay Detection field. information stored for that client.

   If the RDM field contains 0x00, server cannot find a client entry for this IA the replay detection field MUST be server
   SHOULD return an empty IA with status set to NoBinding.

   If the value of a monotonically increasing counter.  Using a
   counter value such as server finds that the current time of day (e.g., an NTP-format
   timestamp [12]) can reduce addresses in the danger of replay attacks.  This method
   MUST be supported by all protocols.

17.4. Configuration token protocol IA for the client do
   not match the clients binding the server should return an empty IA
   with status set to RebdNoMatch.

   If the protocol field is 0, server cannot Rebind addresses for the authentication information field
   holds a simple configuration token.  The configuration token is client it SHOULD
   send back an
   opaque, unencoded value known empty IA to both the sender and receiver.  The
   sender inserts client with the configuration token status field set to
   AddrUnavail.

   If the server finds the addresses in the DHCP message and IA for the
   receiver matches client then the token from
   server SHOULD send back the message IA to the shared token.  If client with new lease times
   and T1/T2 times if the configuration option default is present not being used, and set status to
   Success.

   There is a significant difference between Renew and Rebind messages:
   Because the token from the Renew message
   does not match is processed by a single server, the shared token,
   responding server can actually change the receiver MUST discard addresses in the
   message.

   Configuration token IA.
   However, because multiple servers may be used respond to pass a plain-text configuration
   token and provides only weak entity authentication and no message
   authentication.  This protocol Rebind, all they
   can safely do is only useful for rudimentary
   protection against inadvertently instantiated DHCP servers.

   DISCUSSION: update T1, T2 (for the IA) and lifetimes (for
   individual addresses).

16.2.5. Receipt of Release messages

   The intent here is server MAY choose to pass discard Release messages received via
   unicast from a constant, non-computed token
      such as client to which the server has not sent a plain-text password.  Other types unicast
   option.

   Upon the receipt of entity
      authentication using computed tokens such as Kerberos
      tickets or one-time passwords will be defined as separate
      protocols.

17.5. Delayed authentication protocol

   If a valid Release message, the protocol field is 1, server examines the message is using
   IAs and the "delayed
   authentication" mechanism.  In delayed authentication, addresses in the client
   requests authentication IAs for validity.  If the IAs in its Solicit message and the server replies
   with an Advertise
   message that includes authentication information.
   This authentication information contains are in a nonce value generated by binding for the source as a message authentication code (MAC) to provide message
   authentication client and entity authentication.

   The use of a particular technique based on the HMAC protocol [10]
   using the MD5 hash [19] is defined here.

17.5.1. Management issues addresses in the delayed authentication protocol

   The "delayed authentication" protocol does not attempt IAs
   have been assigned by the server to address
   situations where a client may roam those IAs, the server deletes
   the addresses from one administrative domain
   to another, i.e.  interdomain roaming.  This protocol is focused on
   solving the intradomain problem where IAs and makes the out-of-band exchange of addresses available for
   assignment to other clients.

   The server then generates a
   shared secret is feasible.

17.5.2. Use Reply message.  If all of the Authentication option in IAs were
   valid and the delayed authentication
   protocol

   In a Solicit message, addresses successfully released, the Authentication server includes
   a Status Code option carries with value Success.  If any of the Protocol,
   Algorithm, RDM and Replay detection fields, but no Authentication
   information.

   In an Advertise, Request, Renew, Rebind IAs were
   invalid or Confirm message, if any of the
   Authentication option carries addresses were not successfully released,
   the Protocol, Algorithm, RDM and Replay
   detection fields and Authentication information.  The format server leaves all of the
   Authentication information is:

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                     Secret ID (32 bits)                       |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                                                               |
    |                     HMAC-MD5 (128 bits)                       |
    |                                                               |
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   The following definitions will be used IAs in the description message unchanged (the server
   releases none of the
   authentication information for delayed authentication, algorithm 1:

   Replay Detection  - as defined by addresses in any of the RDM field
   K                 - a secret value shared between IAs in the source message) and
                       destination of the message; each secret has
   includes a
                       unique identifier (secret ID)
   secret ID         - the unique identifier for the secret Status Code option with value
                       used to generate the MAC for this message
   HMAC-MD5          - the MAC generating function. NoBinding.  The sender computes server MUST
   NOT include any other options in the MAC using Reply message.

   A client can send an option containing an IA with no listed addresses
   to release implicitly all of the HMAC generation algorithm [10]
   and addresses in the MD5 hash function  [19].  The entire DHCP message (except
   as noted below), including the DHCP message header and the options
   field, IA.

   A server is used as input not required to the HMAC-MD5 computation function.  The
   'secret ID' field MUST be set (but may choose to the identifier as an implementation
   strategy) retain any record of the secret used to
   generate the MAC.

   DISCUSSION:

      Algorithm 1 specifies the use an IA from which all of HMAC-MD5.  Use the addresses
   have been released.

16.2.6. Receipt of a
      different technique, such as HMAC-SHA, will be specified as
      a separate protocol.

      Delayed authentication requires a shared secret key for each
      client on each DHCP Decline messages

   The server with which that MAY choose to discard Decline messages received via
   unicast from a client may wish to use which the DHCP protocol.  Each secret key server has not sent a unique
      identifier that can be used by unicast
   option.

   Upon the receipt of a receiver to determine which
      secret was used to generate valid Decline message, the MAC server examines the
   IAs and the addresses in the DHCP message.
      Therefore, delayed authentication may not scale well IAs for validity.  If the IAs in an
      architecture the
   message are in which a DHCP client connects to multiple
      administrative domains.

17.5.3. Message validation

   To validate an incoming message, binding for the receiver first checks that client and the value addresses in the replay detection field is acceptable according
   to the replay detection method specified IAs
   have been assigned by the RDM field.  Next, server to those IA, the receiver computes server deletes
   the MAC as described in [10]. addresses from the IAs.  The receiver
   MUST set server SHOULD mark the 'MAC' field of addresses
   declined by the authentication option to all 0s for
   computation of the MAC, client so that those addresses are not assigned to
   other clients, and because MAY choose to make a DHCP relay agent may alter
   the values notification that addresses
   were declined.

   The server then generates a Reply message.  If all of the 'giaddr' IAs were
   valid and 'hops' fields in the DHCP message, addresses successfully declined,, the contents server includes
   a Status Code option with value Success.  If any of those two fields MUST also be set to zero for the
   computation IAs were
   invalid or if any of the MAC. If addresses were not successfully declined,
   the MAC computed by server leaves all of the receiver does not
   match IAs in the MAC contained message unchanged (the server
   releases none of the addresses in any of the authentication option, IAs in the receiver message) and
   includes a Status Code option with value NoBinding.  The server MUST discard
   NOT include any other options in the DHCP Reply message.

17.5.4. Key utilization

   Each DHCP client has a key, K. The

   A client uses its key can send an option containing an IA with no listed addresses
   to encode
   any decline implicitly all of the addresses in the IA.

16.2.7. Sending of Reply messages it sends to

   If the Request, Confirm, Renew, Rebind, Release or Decline message
   from the client was originally received in a Relay-forward message
   from a relay, the server places the Reply message in the options
   field of a Relay-response message and to authenticate copies the link-prefix and verify
   any messages it receives
   client-return-address fields from the server. Relay-forward message into the
   Relay-response message.

   The client's key SHOULD
   be initially distributed server then unicasts the Reply or Relay-reply to the client through some out-of-band
   mechanism, and SHOULD be stored locally on source
   address from the client for use IP datagram in all
   authenticated DHCP messages.  Once the client has been given its key,
   it SHOULD use that key for all transactions even if the client's
   configuration changes; e.g., if which the client is assigned a new network
   address.

   Each original message was
   received.

17. DHCP Server-Initiated Configuration Exchange

   A server MUST know, or be able to obtain in initiates a secure manner,
   the keys for all authorized clients.  If all configuration exchange to cause DHCP clients
   to obtain new addresses and other configuration information.  For
   example, an administrator may use a server-initiated configuration
   exchange when links in the same
   key, clients can perform both entity and message authentication for
   all messages received from servers.  However, DHCP domain are to be renumbered.  Other
   examples include changes in the sharing location of keys
   is strongly discouraged as it allows for unauthorized clients to
   masquerade as authorized clients by obtaining a copy directory servers,
   addition of the shared
   key.  To authenticate the identity new services such as printing, and availability of individual clients, each client
   MUST be configured with a unique key.

17.5.5. Client considerations for delayed authentication protocol

17.5.5.1. Sending Solicit messages

   When the client new
   software (system or application).

17.1. Server Behavior

   A server sends a Solicit Reconfigure-init message and wishes to use
   authentication, it includes an Authentication option cause a client to
   initiate immediately a Request/Reply message exchange with the desired
   protocol, algorithm, RDM
   server.

17.1.1. Creation and replay detection transmission of Reconfigure-init messages

   The server sets the "msg-type" field as described
   in section 17.5. to RECONFIG-INIT. The client does not include any authentication
   information server
   generates a transaction-ID and inserts it in the Authentication option.

17.5.6. Receiving Advertise messages "transaction-ID"
   field.  The client validates any Advertise messages containing server places its address (of appropriate scope) in the
   "server-address" field.

   The server MAY include an
   Authentication ORO option specifying the delayed authentication protocol
   using to inform the validation test described in section 17.5.3.

   Client behavior if no Advertise messages include authentication client of what
   information has been changed or pass new information that has been added.

   In particular, the validation test is controlled by local policy
   on server specifies the client.  According to client policy, IA option in the ORO if the
   server wants the client MAY choose to
   respond to a Advertise message that has not been authenticated. obtain new address information.

   The decision to set local policy to accept unauthenticated messages
   should be made with care.  Accepting server MUST include an unauthenticated Advertise
   message can make authentication option with the client vulnerable to spoofing appropriate
   settings and other
   attacks.  If local users are not explicitly informed add that option as the client
   has accepted an unauthenticated Advertise message, last option in the users may
   incorrectly assume that "options"
   field of the client has received Reconfigure-init message.

   The server MUST NOT include any other options in the Reconfigure-init
   except as specifically allowed in the definition of individual
   options.

   A server sends each Reconfigure-init message to a single DHCP client,
   using an authenticated IPv6 unicast address and is not subject of sufficient scope belonging to the
   DHCP attacks through unauthenticated
   messages.

   A client MUST be configurable to discard unauthenticated messages,
   and SHOULD be configured by default to discard unauthenticated
   messages.  A client.  The server may obtain the address of the client MAY choose to differentiate between Advertise
   messages with no authentication through
   the information and Advertise messages that do not pass the validation test; for example, a client might
   accept the former and discard the latter.  If a client does accept an
   unauthenticated message, the client SHOULD inform any local users and
   SHOULD log server has about clients that have been in
   contact with the event.

17.5.6.1. Sending Request, Confirm, Renew, Rebind server, or Release messages

   If the client authenticated server may be configured with the Advertise message through which
   address of the client selected the server, through some external agent.

   To reconfigure more than one client, the client MUST generate authentication
   information for subsequent Request, Confirm, Renew, Rebind or Release
   messages sent server unicasts a separate
   message to the each client.  The server as described in section 17.5.  When may initiate the
   client sends reconfiguration
   of multiple clients concurrently; for example, a subsequent message, it MUST use the same secret used
   by the server may send
   a Reconfigure-init message to generate the authentication information.

17.5.6.2. Receiving Reply messages

   If additional clients while previous
   reconfiguration message exchanges are still in progress.

   The Reconfigure-init message causes the client authenticated the Advertise it accepted, to initiate a
   Request/Reply message exchange with the client
   MUST validate server.  The server
   interprets the associated Reply receipt of a Request message from the server.  The client MUST discard the Reply if as
   satisfying the Reconfigure-init message fails to pass validation request.

17.1.2. Time out and MAY log the validation failure. retransmission of Reconfigure-init messages

   If the Reply fails to pass
   validation, the client MUST restart the DHCP configuration process by
   sending a Solicit message.  The client MAY choose to remember which server replied with does not receive a Reply Request message that failed to pass validation
   and discard subsequent messages from that server.

   If the client accepted an Advertise message that did not include
   authentication information or did not pass
   in RECREP_MSG_TIMEOUT milliseconds, the validation test, server retransmits
   the
   client MAY accept an unauthenticated Reply message from Reconfigure-init message, doubles the server.

17.5.7. Server considerations for delayed authentication protocol

17.5.7.1. Receiving Solicit messages RECREP_MSG_TIMEOUT
   value and Sending Advertise messages waits again.  The server selects a secret for continues this process until
   REC_MSG_ATTEMPTS unsuccessful attempts have been made, at which point
   the client server SHOULD abort the reconfigure process for that client.

   Default and includes
   authentication information initial values for RECREP_MSG_TIMEOUT and
   REC_MSG_ATTEMPTS are documented in the Advertise message returned section 7.5.

17.1.3. Receipt of Request messages

   The server generates and sends Reply message(s) to the client as specified
   described in section 17.5.  The server MUST record the
   identifier of 16.2.7, including in the secret selected "options" field new
   values for configuration parameters.

   It is possible that the client and use that same
   secret for validating subsequent messages with may send a Request message after the client.

17.5.7.2. Receiving Request, Confirm, Renew, Rebind or Release messages
   and Sending Reply messages

   The
   server uses the secret identified in has sent a Reconfigure-init but before the message and validates Reconfigure-init
   is received by the message as specified in section 17.5.3.  If client.  In this case, the Request message fails to
   pass validation or from
   the server does client may not know include all of the secret identified IAs and requests for parameters
   to be reconfigured by the 'secret ID' field, server.  To accommodate this scenario, the
   server MUST discard the message and MAY choose to log the validation failure.

   If the message passes the validation procedure, send a Reply with the server responds IAs and other parameters
   to be reconfigured, even if those IAs and parameters were not in the specific
   Request message as described in section 14.4.  The server
   MUST include authentication information generated using from the secret
   identified in client.

17.2. Client Behavior

   A client MUST always monitor UDP port 546 for Reconfigure-init
   messages on interfaces upon which it has acquired DHCP parameters.
   Since the received message as specified in section 17.5.

17.5.7.3. Sending Reconfigure-Init results of a reconfiguration event may affect application
   layer programs, the client SHOULD log these events, and MAY notify
   these programs of the change through an implementation-specific
   interface.

17.2.1. Receipt of Reconfigure-init messages

   The server MUST include authentication information in

   Upon receipt of a
   Reconfigure-Init valid Reconfigure-init message, generated as specified in section 17.5
   using the secret client
   initiates a Request/Reply transaction with the server initially selected for server.  While
   the Request/Reply transaction is in progress, the client silently
   discards any Reconfigure-init messages it receives.

   DISCUSSION:

      The Reconfigure-init message acts as a trigger that signals
      the client to
   which complete a successful Request/Reply message
      exchange.  Once the Reconfigure-Init client has received a Reconfigure-init,
      the client proceeds with the Request/Reply message is to be sent.

18. DHCP options

   Options are used to carry
      exchange (retransmitting the Request if necessary); the
      client ignores any additional information and parameters
   in DHCP messages.  Every option shares a common base format, as
   described Reconfigure-init messages
      (regardless of the transaction ID in section 18.1.

   This document describes the DHCP options defined as part Reconfigure-init
      message) until the Request/Reply exchange is complete.
      Subsequent Reconfigure-init messages (again independent
      of the base
   DHCP specification.  Other options may be defined in transaction ID) cause the future in client to initiate a
   separate document.

18.1. Format new
      Request/Reply exchange.

      How does this mechanism work in the face of DHCP options

      0                   1                   2                   3
      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |          option-code          |           option-len          |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                          option-data                          |
     |                      (option-len octets)                      |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      option-code   An unsigned integer identifying duplicated
      or retransmitted Reconfigure-init messages?  Duplicate
      messages will be ignored because the specific option
                    type carried in this option.

      option-len    An unsigned integer giving client will begin
      the length Request/Reply exchange after the receipt of the data in
                    this option in octets.

      option-data   The data for
      first Reconfigure-init.  Retransmitted messages will
      either trigger the option; Request/Reply exchange (if the format first
      Reconfigure-init was not received by the client) or will
      be ignored.  The server can discontinue retransmission of this data
                    depends on
      Reconfigure-init messages to the definition client once the server
      receives the Request from the client.

      It might be possible for a duplicate or retransmitted
      Reconfigure-init to be sufficiently delayed (and
      delivered out of order) to arrive at the option.

18.2. DHCP unique identifier option client after
      the Request/Reply exchange (initiated by the original
      Reconfigure-init) has been completed.  In this case, the
      client would initiate a redundant Request/Reply exchange.
      The DHCP unique identifier option likelihood of delayed and out of order delivery is used small
      enough to carry a DUID. be ignored.  The format
   for consequence of the DUID redundant
      exchange is keyed inefficiency rather than incorrect operation.

17.2.2. Creation and sending of Request messages

   When responding to mark a Reconfigure-init, the type of identifier client creates and is of
   variable length.  The format of
   sends the DUID option is:

      0                   1                   2                   3
      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |          OPTION DUID          |          option-len           |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |           DUID type           |           DUID len            |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                             DUID                              |
     .                                                               .
     .                                                               .
     .                                                               .
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

18.3. Identity association option

   The identity association option is used to carry an identity
   association, Request message in exactly the parameters associated same manner as outlined in
   section 16.1.1 with the following difference:

      IAs   The client includes IA and options containing the addresses the
            client currently has assigned to those IAs for the IA. interface
            through which the Reconfigure-init message was received.

17.2.3. Time out and retransmission of Request messages

   The format client uses the same variables and retransmission algorithm as it
   does with Request messages generated as part of a client-initiated
   configuration exchange.  See section 16.1.1 for details.

17.2.4. Receipt of Reply messages

   Upon the IA option is:

      0                   1                   2                   3
      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |           OPTION IA           |          option-len           |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                        IAID (4 octets)                        |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                              T1                               |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                              T2                               |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |   IA status   |   num-addrs   |T| addr status | prefix length |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                                                               |
     |                         IPv6 address                          |
     |                          (16 octets)                          |
     |                                                               |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                      preferred lifetime                       |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     | receipt of a valid lifetime                         |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |T| addr status | prefix length |                               |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               |
     |                         IPv6 address                          |
     |                          (16 octets)                          |
     |                               +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                               |      preferred lifetime       |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     | pref. lifetime (cont.)        |        valid lifetime         |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     | valid lifetime (cont.)        |T| addr status | prefix length |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                                                               |
     |                         IPv6 address                          |
     |                          (16 octets)                          |
     |                                                               |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                              ...                              |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      option-code          OPTION_IA (1)

      option-len           Variable; equal to 24 + num-addrs*26

      IA ID                The unique identifier for this IA; chosen by Reply message, the client

      T1                   The time at which extracts the client contacts
   contents of the
                           server from which "options" field, and sets (or resets) configuration
   parameters appropriately.  The client records and updates the
   lifetimes for any addresses specified in IAs in the IA
                           were obtained to extend the lifetimes of Reply message.
   If the
                           addresses assigned to configuration parameters changed were requested by the IA.

      T2                   The time at which
   application layer, the client contacts any
                           available server to extend notifies the lifetimes application layer of the addresses assigned to
   changes using an implementation-specific interface.

   As discussed in section 17.1.3, the IA.

      T                    When set to 1, indicates that this address is
                           a "temporary address" [15]; when set to 0, Reply from the address is server may include
   IAs and parameters that were not a temporary address.

      IA status            Status of the IA included in this option.

      num-addrs            An unsigned integer giving the number Request message from
   the client.  The client MUST configure itself with all of
                           addresses carried the IAs and
   parameters in the Reply from the server.

18. Relay Behavior

   For this IA option (MAY discussion, the Relay may be
                           zero).

      addr status          Status configured to use a list of the addresses in this IA.

      prefix length        Prefix length for this address.

      IPv6
   server destination addresses, which may include unicast addresses,
   the All_DHCP_Servers multicast address, or other multicast addresses
   selected by the network administrator.  If the Relay has not been
   explicitly configured, it MUST use the All_DHCP_Servers multicast
   address         An IPv6 as the default.

18.1. Relaying of client messages

   When a Relay receives a valid client message, it constructs a
   Relay-forward message.  The relay places an address with a prefix
   assigned to this IA.

      preferred lifetime   The preferred lifetime for the associated
                           IPv6 address.

      valid lifetime       The valid lifetime for link on which the associated IPv6
                           address.

   The "IPv6 address", "preferred lifetime" and "valid lifetime" fields
   are repeated for each client should be assigned an
   address in the IA option (as determined link-prefix field.  This address will be used by the
   "num-addrs" field).

   Note that an IA has no explicit "lifetime" or "lease length" of
   its own.  When the lifetimes of all of
   server to determine the addresses in an IA have
   expired, link from which the IA can client should be considered as having expired.  T1 assigned
   an address and T2
   are included to give servers explicit control over when a client
   recontacts other configuration information.

   If the server about a specific IA.

   The 'T' bit identifies relay cannot use the associated address as a temporary address.
   If in the server is configured to assign temporary addresses link-prefix field to
   identify the
   client, the server marks those temporary addresses with interface through which the 'T'
   bit.  The number of temporary addresses assigned response to the client and
   the lifetimes of those addresses is determined by
   will be forwarded, the administrative
   configuration of relay MUST include a circuit-id option (see
   section 20.15)in the server. Relay-forward message.  The 'T' bit only identifies an address
   as a temporary address; identification of an server will include
   the circuit-id option in its Relay-reply message.

   The relay copies the source address as ``temporary''
   has no implication on from the lifetime of IP datagram in which the extensibility of
   message was received from the
   lifetime of client into the address.

18.4. Option request option

      0                   1                   2                   3
      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |           OPTION_ORO          |           option-len          |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |    requested-option-code-1    |    requested-option-code-2    |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                              ...                              |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      option-code   OPTION_ORO (2)

      option-len    Variable; equal to twice client-return-address
   field in the number of Relay-forward message.

   The relay constructs a "client-message" option codes
                    carried 20.7 that contains
   the entire message from the client in this option.

      option-data   A list the data field of the option codes for
   option.  The relay places the "relay-message" option along with any
   "relay-specific" options requested in this option.

18.5. Client message option

      0                   1                   2                   3
      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |       OPTION_CLIENT_MSG       |           option-len          |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                       DHCP client message                     |
     |                                                               |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      option-code   OPTION_CLIENT_MSG (3)

      option-len    Variable; equal to the length options field of the forwarded DHCP
                    client Relay-forward
   message.

      option-data  The message received from Relay then sends the client; forwarded
                    verbatim Relay-forward message to the server.

18.6. Server message option

      0                   1                   2                   3
      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |       OPTION_SERVER_MSG       |           option-len          |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                       DHCP list
   of server message                     |
     |                                                               |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      option-code   OPTION_SERVER_MSG (4)

      option-len    Variable; equal to the length destination addresses that it has been configured with.

18.2. Relaying of server messages

   When the relay receives a Relay-reply message, it extracts the forwarded DHCP server message.

      option-data   The
   message received from the server; forwarded
                    verbatim to "server-message" option.  If the client.

18.7. Retransmission parameter option

      0                   1                   2                   3
      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |      OPTION_RETRANS_PARM      |           option-len          |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                          option-data                          |
     |                      (option-len octets)                      |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      option-code   OPTION_RETRANS_PARM (5)

      option-len    An unsigned integer giving Relay-reply message
   includes a circuit-id option, the length of relay forwards the data in
                    this option in octets.

      option-data   TBD - The details of message from the operational parameters
   server to
                    be set in the client

18.8. DSTM Global IPv4 Address Option

   The DSTM Global IPv4 Address Option informs a client or server that on the Identity Association Option (IA) following this option will
   contain an IPv4-Mapped IPv6 Address [9] in link identified by the case of a Client
   receiving circuit-id option.
   Otherwise, the option, or is a Request for an IPv4-Mapped IPv6 Address
   from a client in relay forwards the case of a DHCPv6 Server receiving message on the link identified
   by the link-prefix option.
   The option can also provide a set of IPv6 addresses to be used as  In either case, the
   Tunnel Endpoint (TEP) to encapsulate an IPv6 packet within IPv6.

   This option can be used with relay forwards the Request, Reply, and Reconfigure-Init
   Messages for cases where a server wants to assign
   message to clients
   IPv4-Mapped IPv6 Addresses, thru the Option Request Option (ORO).

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |          OPTION_DSTM          |             option-length     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                          Tunnel End Point (TEP)               |
   |                           (If Present)                        |
   |                            (16 octets)                        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      option code        OPTION_DSTM (7)

      option length      Variable:  0 or multiple of 16

      tunnel end point   IPv6 Address or addresses if Present

   A DSTM IPv4 Global Address Option MUST only apply to address in the IA following
   this option.

18.9. Authentication option

   The client-return-address field in the
   Relay-reply message.

19. Authentication option carries authentication information of DHCP messages

   Some network administrators may wish to
   authenticate provide authentication of
   the identity source and contents of DHCP messages.  The  For example, clients may
   be subject to denial of service attacks through the use of bogus
   DHCP servers, or may simply be misconfigured due to unintentionally
   instantiated DHCP servers.  Network administrators may wish to
   constrain the allocation of addresses to authorized hosts to avoid
   denial of service attacks in "hostile" environments where the Authentication option network
   medium is described in section 17.

   The format not physically secured, such as wireless networks or
   college residence halls.

   Because of the Authentication option is:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |          OPTION_AUTH          |        option-length          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Protocol    |   Algorithm   |      RDM      | Replay detect.|
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    Replay Detection (64 bits)                 |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                 Replay cont.                  | Auth. Info    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   |           Authentication Information                          |
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      option-code                  OPTION_AUTH (TBD)
      option-length                Variable

      protocol                     The authentication protocol used in
                                   this authentication option

      algorithm                    The algorithm used in risk of denial of service attacks against DHCP
   clients, the use of authentication protocol

      RDM                          The replay detection method used is mandated in
                                   this Reconfigure-init
   messages.  A DHCP server MUST include an authentication option

      Replay detection             The replay detection information for
                                   the RDM

      Authentication information in
   Reconfigure-init messages sent to clients.

   The DHCP authentication information,
                                   as specified by mechanism is based on the protocol and
                                   algorithm used in this design of
   authentication
                                   option

18.10. Server unicast option

   This option is used by a server to send for DHCP for IPv4 [8].

19.1. DHCP threat model

   The threat to DHCP is inherently an insider threat (assuming a client to inform
   properly configured network where DHCPv6 ports are blocked on the
   client it can send a Request, Renew, Confirm, Release, and Decline
   perimeter gateways of the enterprise).  Regardless of the gateway
   configuration, however, the potential attacks by
   unicasting directly insiders and
   outsiders are the same.

   The attack specific to a DHCP client is the server instead possibility of the ALL-DHCPv6-Agents
   Multicast address as an optimization, when
   establishment of a "rogue" server with the client as an address intent of sufficient scope providing
   incorrect configuration information to reach the server.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |          OPTION_UNICAST  |             option-length          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      option-code     OPTION_UNICAST (TBD)

      option-length   0

   This option only applies to the server address that sends this client.  The motivation
   for doing so may be to establish a "man in the
   client.

18.11. Domain Search Option

   This option provides middle" attack or it
   may be for a list "denial of domain names service" attack.

   There is another threat to DHCP clients from mistakenly or
   accidentally configured DHCP servers that answer DHCP client requests
   with unintentionally incorrect configuration parameters.

   The threat specific to a DHCP server is an invalid client can use
   masquerading as a valid client.  The motivation for this may be for
   "theft of service", or to
   resolve DNS names.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   OPTION_DOMAIN_SEARCH_LIST   |         option-length         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                      Domain Search List                       |
   |                              ...                              |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      msg type                    OPTION_DOMAIN_SEARCH_LIST (TBD)

      option-length               variable

      Domain Search List circumvent auditing for any number of
   nefarious purposes.

   The DNS domain search list the client
                                  should use threat common to resolve names.

   So that both the search list may be encoded compactly client and uniformly,
   search strings in the search list are concatenated and encoded using server is the technique described in section 4.1 resource
   "denial of [13].

   For use in this specification, service" (DoS) attack.  These attacks typically involve
   the compression pointer (see section
   4.1.4 exhaustion of [13]) refers to the offset within valid addresses, or the SearchString portion exhaustion of the option.

18.12. Domain Name Server Option

   This option provides CPU or
   network bandwidth, and are present anytime there is a list shared
   resource.  In current practice, redundancy mitigates DoS attacks the
   best.

19.2. Security of Domain Name System [13] messages sent between servers and relay agents

   Relay agents and servers that a client
   name resolver can use to access DNS services.  There must be at least
   1 server listed in this option.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      OPTION_DNS_SERVERS       |         option_length         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   |                   DNS server (IP address)                     |
   |                                                               |
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   |                   DNS server (IP address)                     |
   |                                                               |
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                              ...                              |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      msg-type             OPTION_DNS_SERVERS (TBD)

      option-length        variable

      DNS server           IPv6 address of a DNS name server for the
                           client choose to use.  The DNS servers are listed in
                           the order of preference for exchange messages securely
   use by the client
                           resolver.

19. DHCP Client Implementor Notes

   This section provides helpful information IPsec mechanisms for the client implementor
   regarding their implementations. IPv6 [10].  The text described here way in which IPsec
   is employed by relay agents and servers is not part specified in this
   document.

19.3. Summary of DHCP authentication

   Authentication of DHCP messages is accomplished through the protocol, but rather a discussion use of implementation features
   we feel
   the implementor should consider during implementation.

19.1. Primary Interface

   Since configuration parameters acquired through DHCP Authentication option.  The authentication information carried
   in the Authentication option can be
   interface-specific or more general, used to reliably identify the client implementor SHOULD
   provide
   source of a mechanism by which the client implementation can be
   configured DHCP message and to specify which interface is confirm that the primary interface.  The
   client SHOULD always query contents of the DHCP data associated with the primary
   interface for non-interface specific configuration parameters.  An
   implementation MAY implement
   message have not been tampered with.

   The Authentication option provides a list of interfaces which would be
   scanned framework for multiple
   authentication protocols.  Two such protocols are defined here.
   Other protocols defined in order to satisfy the general request.  In either case, future will be specified in separate
   documents.

   The protocol field in the
   first interface scanned is considered Authentication option identifies the primary interface.

   By allowing
   specific protocol used to generate the specification of a primary interface, authentication information
   carried in the client
   implementor option.  The algorithm field identifies which interface is authoritative for
   non-interface a specific parameters, which prevents configuration
   information ambiguity
   algorithm within the client implementation.

19.2. Advertise Message and Configuration Parameter Caching

   If the hardware authentication protocol; for example, the client is running on permits it,
   algorithm field specifies the implementor
   SHOULD provide a cache for Advertise messages and a cache of
   configuration parameters received through DHCP. Providing these
   caches prevents unnecessary DHCP traffic and hash algorithm used to generate the subsequent load
   this generates on
   message authentication code (MAC) in the servers. authentication option.  The implementor SHOULD provide a
   configuration knob for setting
   replay detection method (RDM) field specifies the amount type of time the cache(s) are
   valid.

19.3. Time out and retransmission variables

   Note that the client time out and retransmission variables outlined replay
   detection used in section 7.5 can be configured on the server and sent to the client
   through replay detection field.

19.4. Replay detection

   The Replay Detection Method (RDM) field determines the use type of the "DHCP Retransmission Parameter Option", which
   is documented replay
   detection used in section 18.7.  A client implementation SHOULD the Replay Detection field.

   If the RDM field contains 0x00, the replay detection field MUST be
   able
   set to reset these variables using the values from this option.

19.4. Server Preference

   A client MUST wait for SRVR_PREF_WAIT seconds after sending value of a DHCP
   Solicit message to collect Advertise messages and compare their
   preferences (see section 20.3), unless it receives an Advertise
   message with monotonically increasing counter.  Using a preference of 255.  If
   counter value such as the client receives an
   Advertise message with a preference current time of 255, then day (e.g., an NTP-format
   timestamp [12]) can reduce the client MAY act
   immediately on that Advertise without waiting for any more additional
   Advertise messages.

20. DHCP Server Implementor Notes danger of replay attacks.  This section provides helpful method
   MUST be supported by all protocols.

19.5. Configuration token protocol

   If the protocol field is 0, the authentication information for field
   holds a simple configuration token.  The configuration token is an
   opaque, unencoded value known to both the server implementor.

20.1. Client Bindings

   A server implementation MUST use sender and receiver.  The
   sender inserts the IA's DUID configuration token in the DHCP message and the prefix
   specification
   receiver matches the token from which the client sent its Request message(s) as an
   index for finding configuration parameters assigned message to the client.
   While it isn't critical to keep track of shared token.  If
   the other parameters
   assigned to a client, configuration option is present and the server token from the message
   does not match the shared token, the receiver MUST keep track of discard the addresses it
   has assigned
   message.

   Configuration token may be used to an IA. pass a plain-text configuration
   token and provides only weak entity authentication and no message
   authentication.  This protocol is only useful for rudimentary
   protection against inadvertently instantiated DHCP servers.

   DISCUSSION:

      The server should periodically scan intent here is to pass a constant, non-computed token
      such as a plain-text password.  Other types of entity
      authentication using computed tokens such as Kerberos
      tickets or one-time passwords will be defined as separate
      protocols.

19.6. Delayed authentication protocol

   If the protocol field is 1, the message is using the "delayed
   authentication" mechanism.  In delayed authentication, the client
   requests authentication in its bindings for addresses whose
   leases have expired.  When Solicit message and the server finds expired addresses, it
   MUST delete replies
   with an Advertise message that includes authentication information.
   This authentication information contains a nonce value generated by
   the assignment source as a message authentication code (MAC) to provide message
   authentication and entity authentication.

   The use of those addresses, thereby making these
   addresses available a particular technique based on the HMAC protocol [11]
   using the MD5 hash [19] is defined here.

19.6.1. Management issues in the delayed authentication protocol

   The "delayed authentication" protocol does not attempt to other clients. address
   situations where a client may roam from one administrative domain
   to another, i.e.  interdomain roaming.  This protocol is focused on
   solving the intradomain problem where the out-of-band exchange of a
   shared secret is feasible.

19.6.2. Use of the Authentication option in the delayed authentication
   protocol

   In a Solicit message, the Authentication option carries the Protocol,
   Algorithm, RDM and Replay detection fields, but no Authentication
   information.

   In an Advertise, Request, Renew, Rebind or Confirm message, the
   Authentication option carries the Protocol, Algorithm, RDM and Replay
   detection fields and Authentication information.  The format of the
   Authentication information is:

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                     Secret ID (32 bits)                       |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                                                               |
    |                     HMAC-MD5 (128 bits)                       |
    |                                                               |
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   The following definitions will be used in the description of the
   authentication information for delayed authentication, algorithm 1:

   Replay Detection  - as defined by the RDM field
   K                 - a secret value shared between the source and
                       destination of the message; each secret has a
                       unique identifier (secret ID)
   secret ID         - the unique identifier for the secret value
                       used to generate the MAC for this message
   HMAC-MD5          - the MAC generating function.

   The sender computes the MAC using the HMAC generation algorithm [11]
   and the MD5 hash function  [19].  The entire DHCP message (except
   the MAC field of the authentication option itself), including the
   DHCP message header and the options field, is used as input to the
   HMAC-MD5 computation function.  The 'secret ID' field MUST be set to
   the identifier of the secret used to generate the MAC.

   DISCUSSION:

      Algorithm 1 specifies the use of HMAC-MD5.  Use of a
      different technique, such as HMAC-SHA, will be specified as
      a separate protocol.

      Delayed authentication requires a shared secret key for each
      client on each DHCP server with which that client may wish
      to use the DHCP protocol.  Each secret key has a unique
      identifier that can be used by a receiver to determine which
      secret was used to generate the MAC in the DHCP message.
      Therefore, delayed authentication may not scale well in an
      architecture in which a DHCP client connects to multiple
      administrative domains.

19.6.3. Message validation

   To validate an incoming message, the receiver first checks that
   the value in the replay detection field is acceptable according
   to the replay detection method specified by the RDM field.  Next,
   the receiver computes the MAC as described in [11].  The receiver
   MUST set the 'MAC' field of the authentication option to all 0s for
   computation of the MAC. If the MAC computed by the receiver does not
   match the MAC contained in the authentication option, the receiver
   MUST discard the DHCP message.

19.6.4. Key utilization

   Each DHCP client has a key, K. The client uses its key to encode
   any messages it sends to the server and to authenticate and verify
   any messages it receives from the server.  The client's key SHOULD
   be initially distributed to the client through some out-of-band
   mechanism, and SHOULD be stored locally on the client for use in all
   authenticated DHCP messages.  Once the client has been given its key,
   it SHOULD use that key for all transactions even if the client's
   configuration changes; e.g., if the client is assigned a new network
   address.

   Each DHCP server MUST know, or be able to obtain in a secure manner,
   the keys for all authorized clients.  If all clients use the same
   key, clients can perform both entity and message authentication for
   all messages received from servers.  However, the sharing of keys
   is strongly discouraged as it allows for unauthorized clients to
   masquerade as authorized clients by obtaining a copy of the shared
   key.  To authenticate the identity of individual clients, each client
   MUST be configured with a unique key.

19.6.5. Client considerations for delayed authentication protocol

19.6.5.1. Sending Solicit messages

   When the client sends a Solicit message and wishes to use
   authentication, it includes an Authentication option with the desired
   protocol, algorithm, RDM and replay detection field as described
   in section 19.6.  The client does not include any authentication
   information in the Authentication option.

19.6.5.2. Receiving Advertise messages

   The client validates any Advertise messages containing an
   Authentication option specifying the delayed authentication protocol
   using the validation test described in section 19.6.3.

   Client behavior if no Advertise messages include authentication
   information or pass the validation test is controlled by local policy
   on the client.  According to client policy, the client MAY choose to
   respond to a Advertise message that has not been authenticated.

   The decision to set local policy to accept unauthenticated messages
   should be made with care.  Accepting an unauthenticated Advertise
   message can make the client vulnerable to spoofing and other
   attacks.  If local users are not explicitly informed that the client
   has accepted an unauthenticated Advertise message, the users may
   incorrectly assume that the client has received an authenticated
   address and is not subject to DHCP attacks through unauthenticated
   messages.

   A client MUST be configurable to discard unauthenticated messages,
   and SHOULD be configured by default to discard unauthenticated
   messages.  A client MAY choose to differentiate between Advertise
   messages with no authentication information and Advertise messages
   that do not pass the validation test; for example, a client might
   accept the former and discard the latter.  If a client does accept an
   unauthenticated message, the client SHOULD inform any local users and
   SHOULD log the event.

19.6.5.3. Sending Request, Confirm, Renew, Rebind or Release messages

   If the client authenticated the Advertise message through which the
   client selected the server, the client MUST generate authentication
   information for subsequent Request, Confirm, Renew, Rebind or Release
   messages sent to the server as described in section 19.6.  When the
   client sends a subsequent message, it MUST use the same secret used
   by the server to generate the authentication information.

19.6.5.4. Receiving Reply messages

   If the client authenticated the Advertise it accepted, the client
   MUST validate the associated Reply message from the server.  The
   client MUST discard the Reply if the message fails to pass validation
   and MAY log the validation failure.  If the Reply fails to pass
   validation, the client MUST restart the DHCP configuration process by
   sending a Solicit message.  The client MAY choose to remember which
   server replied with a Reply message that failed to pass validation
   and discard subsequent messages from that server.

   If the client accepted an Advertise message that did not include
   authentication information or did not pass the validation test, the
   client MAY accept an unauthenticated Reply message from the server.

19.6.6. Server considerations for delayed authentication protocol

19.6.6.1. Receiving Solicit messages and Sending Advertise messages

   The server selects a secret for the client and includes
   authentication information in the Advertise message returned to the
   client as specified in section 19.6.  The server MUST record the
   identifier of the secret selected for the client and use that same
   secret for validating subsequent messages with the client.

19.6.6.2. Receiving Request, Confirm, Renew, Rebind or Release messages
   and Sending Reply messages

   The server uses the secret identified in the message and validates
   the message as specified in section 19.6.3.  If the message fails to
   pass validation or the server does not know the secret identified by
   the 'secret ID' field, the server MUST discard the message and MAY
   choose to log the validation failure.

   If the message passes the validation procedure, the server responds
   to the specific message as described in section 16.2.  The server
   MUST include authentication information generated using the secret
   identified in the received message as specified in section 19.6.

19.6.6.3. Sending Reconfigure-Init messages

   The server MUST include authentication information in a
   Reconfigure-Init message, generated as specified in section 19.6
   using the secret the server initially selected for the client to
   which the Reconfigure-Init message is to be sent.

20. DHCP options

   Options are used to carry additional information and parameters
   in DHCP messages.  Every option shares a common base format, as
   described in section 20.1.

   This document describes the DHCP options defined as part of the base
   DHCP specification.  Other options may be defined in the future in a
   separate document.

20.1. Format of DHCP options

      0                   1                   2                   3
      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |          option-code          |           option-len          |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                          option-data                          |
     |                      (option-len octets)                      |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      option-code   An unsigned integer identifying the specific option
                    type carried in this option.

      option-len    An unsigned integer giving the length of the data in
                    this option in octets.

      option-data   The data for the option; the format of this data
                    depends on the definition of the option.

20.2. DHCP unique identifier option

   The DHCP unique identifier option is used to carry a DUID. The format
   for the DUID is keyed to mark the type of identifier and is of
   variable length.  The format of the DUID option is:

      0                   1                   2                   3
      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |          OPTION DUID          |          option-len           |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |           DUID type           |             DUID              |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               |
     |                                                               |
     .                         DUID (cont.)                          .
     .                                                               .
     .                                                               .
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

20.3. Identity association option

   The identity association option is used to carry an identity
   association, the parameters associated with the IA and the addresses
   assigned to the IA.

   The format of the IA option is:

      0                   1                   2                   3
      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |           OPTION IA           |          option-len           |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                        IAID (4 octets)                        |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                              T1                               |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                              T2                               |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |   IA status   |   num-addrs   |T| addr status | prefix length |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                                                               |
     |                         IPv6 address                          |
     |                          (16 octets)                          |
     |                                                               |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                      preferred lifetime                       |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                        valid lifetime                         |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |T| addr status | prefix length |                               |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               |
     |                         IPv6 address                          |
     |                          (16 octets)                          |
     |                               +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                               |      preferred lifetime       |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     | pref. lifetime (cont.)        |        valid lifetime         |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     | valid lifetime (cont.)        |T| addr status | prefix length |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                                                               |
     |                         IPv6 address                          |
     |                          (16 octets)                          |
     |                                                               |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                              ...                              |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      option-code          OPTION_IA (TBD)

      option-len           Variable; equal to 24 + num-addrs*26

      IA ID                The unique identifier for this IA; chosen by
                           the client
      T1                   The time at which the client contacts the
                           server from which the addresses in the IA
                           were obtained to extend the lifetimes of the
                           addresses assigned to the IA.

      T2                   The time at which the client contacts any
                           available server to extend the lifetimes of
                           the addresses assigned to the IA.

      T                    When set to 1, indicates that this address is
                           a "temporary address" [15]; when set to 0,
                           the address is not a temporary address.

      IA status            Status of the IA in this option.

      num-addrs            An unsigned integer giving the number of
                           addresses carried in this IA option (MAY be
                           zero).

      addr status          Status of the addresses in this IA.

      prefix length        Prefix length for this address.

      IPv6 address         An IPv6 address assigned to this IA.

      preferred lifetime   The preferred lifetime for the associated
                           IPv6 address.

      valid lifetime       The valid lifetime for the associated IPv6
                           address.

   The "IPv6 address", "preferred lifetime" and "valid lifetime" fields
   are repeated for each address in the IA option (as determined by the
   "num-addrs" field).

   Note that an IA has no explicit "lifetime" or "lease length" of
   its own.  When the lifetimes of all of the addresses in an IA have
   expired, the IA can be considered as having expired.  T1 and T2
   are included to give servers explicit control over when a client
   recontacts the server about a specific IA.

   The 'T' bit identifies the associated address as a temporary address.
   If the server is configured to assign temporary addresses to the
   client, the server marks those temporary addresses with the 'T'
   bit.  The number of temporary addresses assigned to the client and
   the lifetimes of those addresses is determined by the administrative
   configuration of the server.  The 'T' bit only identifies an address
   as a temporary address; identification of an address as "temporary"
   has no implication on the lifetime of the extensibility of the
   lifetime of the address.

20.4. Option request option

      0                   1                   2                   3
      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |           OPTION_ORO          |           option-len          |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |    requested-option-code-1    |    requested-option-code-2    |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                              ...                              |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      option-code   OPTION_ORO (TBD)

      option-len    Variable; equal to twice the number of option codes
                    carried in this option.

      option-data   A list of the option codes for the options requested
                    in this option.

   A client MAY include an Option Request option in a Solicit, Request,
   Renew, Rebind or Confirm message to inform the server about options
   the client wants the server to send to the client.

20.5. Preference option

      0                   1                   2                   3
      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |       OPTION_PREFERENCE       |          option-len           |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |  pref value   |
     +-+-+-+-+-+-+-+-+

      option-code   OPTION_PREFERENCE (TBD)

      option-len    MUST be 1

      option-data   The preference value for the server in this message.

   A server MAY include a Preference option in an Advertise message to
   control the selection of a server by the client.  See section 15.1.3
   for the use of the Preference option by the client and the
   interpretation of Preference option data value.

20.6. Elapsed Time

      0                   1                   2                   3
      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |      OPTION_ELAPSED_TIME      |           option_len          |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |          elapsed time         |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      option-code   OPTION_ELAPSED_TIME (TBD)

      option-len    MUST be 2

      option-data   The amount of time since the client began its
                    current DHCP transaction.  This time is expressed in
                    hundredths of a second (10^-2 seconds).

   A client MAY include an Elapsed Time option in messages to indicate
   how long the client has been trying to complete a DHCP transaction.
   Servers MAY use the data value in this option as input to policy
   controlling how a server responds to a client message.

20.7. Client message option

      0                   1                   2                   3
      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |       OPTION_CLIENT_MSG       |           option-len          |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                       DHCP client message                     |
     |                                                               |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      option-code   OPTION_CLIENT_MSG (TBD)

      option-len    Variable; equal to the length of the forwarded DHCP
                    client message.

      option-data   The message received from the client; forwarded
                    verbatim to the server.

20.8. Server message option

      0                   1                   2                   3
      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |       OPTION_SERVER_MSG       |           option-len          |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                       DHCP server message                     |
     |                                                               |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      option-code   OPTION_SERVER_MSG (TBD)

      option-len    Variable; equal to the length of the forwarded DHCP
                    server message.

      option-data   The message received from the server; forwarded
                    verbatim to the client.

20.9. DSTM Global IPv4 Address Option

   The DSTM Global IPv4 Address Option informs a client or server that
   the Identity Association Option (IA) following this option will
   contain an IPv4-Mapped IPv6 Address [9] in the case of a Client
   receiving the option, or is a Request for an IPv4-Mapped IPv6 Address
   from a client in the case of a DHCPv6 Server receiving the option.
   The option can also provide a set of IPv6 addresses to be used as the
   Tunnel Endpoint (TEP) to encapsulate an IPv6 packet within IPv6.

   This option can be used with the Request, Reply, and Reconfigure-Init
   Messages for cases where a server wants to assign to clients
   IPv4-Mapped IPv6 Addresses, thru the Option Request Option (ORO).

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |          OPTION_DSTM          |             option-length     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                          Tunnel End Point (TEP)               |
   |                           (If Present)                        |
   |                            (16 octets)                        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      option code        OPTION_DSTM (TBD)

      option length      Variable:  0 or multiple of 16

      tunnel end point   IPv6 Address or addresses if Present
   A DSTM IPv4 Global Address Option MUST only apply to the IA following
   this option.

20.10. Authentication option

   The Authentication option carries authentication information to
   authenticate the identity and contents of DHCP messages.  The use of
   the Authentication option is described in section 19.

   The format of the Authentication option is:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |          OPTION_AUTH          |        option-length          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Protocol    |   Algorithm   |      RDM      | Replay detect.|
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    Replay Detection (64 bits)                 |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                 Replay cont.                  | Auth. Info    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   |           Authentication Information                          |
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      option-code                  OPTION_AUTH (TBD)

      option-length                Variable

      protocol                     The authentication protocol used in
                                   this authentication option

      algorithm                    The algorithm used in the
                                   authentication protocol

      RDM                          The replay detection method used in
                                   this authentication option

      Replay detection             The replay detection information for
                                   the RDM

      Authentication information   The client bindings MUST be stored authentication information,
                                   as specified by the protocol and
                                   algorithm used in non-volatile storage.

   The this authentication
                                   option

20.11. Server unicast option

   This option is used by a server implementation should provide policy knobs to control
   whether or not send to a client to inform
   the lifetimes on assigned addresses are renewable, client it MAY send a Request, Renew, Release, and Decline by how long.

20.2. Reconfigure-init Considerations

   A server implementation MUST provide an interface
   unicasting directly to the
   administrator for initiating reconfigure-init events.

20.3. Server Preference

   The server implementation SHOULD allow the setting instead of a server
   preference value by the administrator.  The server preference
   variable is All_DHCPv6_Agents
   Multicast address as an unsigned single octet value (0--255), with the lowest
   preference being 0 and the highest 255.  Clients will choose higher
   preference servers over those with lower preference values.  If you
   don't choose to implement this feature in your server, you MUST set optimization, when the server preference field client as an address
   of sufficient scope to 0 in reach the Advertise messages generated
   by your server.

20.4. Request Message Transaction-ID Cache

   In order to improve performance, a server implementation MAY include
   an in memory transaction-ID cache.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |          OPTION_UNICAST       |        option-length          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      option-code     OPTION_UNICAST (TBD)

      option-length   0

   This cache is indexed by client
   binding and transaction-ID, and enables the server option only applies to quickly
   determine whether a Request is a retransmission or a new Request
   without the cost of a database lookup.  If an implementor chooses to
   implement this cache, then they SHOULD provide a configuration knob server address that sends this to tune the lifetime of the cache entries.

21. DHCP Relay Implementor Notes

   A relay implementation SHOULD allow the specification of a list of
   destination addresses for forwarded messages.
   client.

20.12. Domain Search Option

   This option provides a list MAY contain
   any mixture of unicast addresses and multicast addresses.

   If domain names a relay receives an ICMP message in response client can use to a DHCP message it
   has forwarded, it SHOULD log this event.

22. Security

   Section 17 describes a threat model and an option that provides an
   authentication framework
   resolve DNS names.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   OPTION_DOMAIN_SEARCH_LIST   |         option-length         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                      Domain Search List                       |
   |                              ...                              |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      option-code                 OPTION_DOMAIN_SEARCH_LIST (TBD)

      option-length               variable

      Domain Search List          The DNS domain search list the client
                                  should use to defend against resolve names.

   So that threat model.

23. Year 2000 considerations

   Since all times the search list may be encoded compactly and uniformly,
   search strings in the search list are relative to concatenated and encoded using
   the current time technique described in section 4.1 of [13].

   For use in this specification, the compression pointer (see section
   4.1.4 of [13]) refers to the transaction,
   there is no problem offset within the DHCPv6 protocol related to any
   hardcoded dates or two-digit representation SearchString portion
   of the current year.

24. IANA Considerations option.

20.13. Domain Name Server Option

   This document defines several new name spaces associated with DHCPv6
   and DHCPv6 options.  IANA is requested to manage the allocation option provides a list of
   values from these Domain Name System [13] that a client
   name spaces.

   New values resolver can use to access DNS services.  There must be at least
   1 server listed in each this option.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      OPTION_DNS_SERVERS       |         option_length         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   |                   DNS server (IP address)                     |
   |                                                               |
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   |                   DNS server (IP address)                     |
   |                                                               |
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                              ...                              |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      option-code          OPTION_DNS_SERVERS (11)

      option-length        variable

      DNS server           IPv6 address of these a DNS name spaces should be approved by server for the
   process of IETF Consensus [14].

24.1. DHCPv6 options

   This document defines message types TBD
                           client to be received by UDP at port
   numbers 546 and 547.  Additional message types may be defined use.  The DNS servers are listed in
                           the
   future.

24.2. Multicast addresses

   Section 7.1 lists several multicast addresses used order of preference for use by DHCP.
   Additional multicast addresses may be defined in the future.

24.3. client
                           resolver.

20.14. Status codes

   Section 9.7 defines several Code Option

   This option returns indications of status codes that are not related to be returned with
   the Reply message. a specific
   option.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       OPTION_STATUS_CODE      |         option-length         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |          status-code          |         status-message        |
   |                              ...                              |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      option-code          OPTION_STATUS_CODE (TBD)
      option-length        variable

      status-code          The non-zero values numeric code for these the status encoded in
                           this option.  The status codes that
   are currently specified are shown in the table defined in
                           section 7.4.

24.4. Retransmission parameter

      status-message       A UTF-8 encoded text string, which MUST NOT
                           be null-terminated.

20.15. Circuit-ID Option

   This option

   There is provides a DHCPv6 option described in section 18.7, which allows
   clients and servers to exchange values for some of the timing
   and retransmission parameters defined in section 7.5.  Adding new
   parameters in the future would require extending the values by mechanism through which
   the parameters are indicated in the DHCP option.  Since there needs
   to be a list kept, the default values for each parameter should also
   be stored as part of the list.

24.5. Authentication option

   Section 17 defines three new name spaces associated with relay agent can
   identify the
   Authentication Option (section 18.9), network attachment point through which are to be created and
   maintained by IANA: Protocol, Algorithm and RDM.

   Initial values assigned a message was
   received from the Protocol name space are a DHCP client.

    0 (for the
   configuration token Protocol in section 17.4) and                   1 (for the delayed
   authentication Protocol in section 17.5).  Additional protocols may
   be defined in the future.

   The Algorithm name space is specific to individual Protocols.  That
   is, each Protocol has its own Algorithm name space.  The guidelines
   for assigning Algorithm name space values for a particular protocol
   should be specified along with the definition                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       OPTION_CIRCUIT_ID       |         option_length         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   |                          Circuit-ID                           |
   .                                                               .
   .                                                               .
   .                                                               .
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      option-code          OPTION_CIRCUIT_ID (TBD)

      option-length        variable

      Circuit-ID           An opaque value of arbitrary length; this
                           value must uniquely identify one of a new Protocol.

   For the configuration token Protocol, the Algorithm field MUST be
   0, as described in section 17.4.  For the delayed authentication
   Protocol,
                           network attachments used by the Algorithm value 1 relay agent

20.16. User Class Option

   This option is assigned used by a client to identify the HMAC-MD5
   generating function as defined in section 17.5.  Additional
   algorithms for the delayed authentication protocol may be defined type or category of
   user or applications it represents.  The information contained in
   this option is an opaque field that represents the future.

   The initial value user class of 0 from
   which the RDM name space client is assigned to the
   use of a monotonically increasing value as defined in section 17.3.
   Additional replay detection methods may be defined in the future.

25. Acknowledgments

   Thanks to the DHC Working Group for their time and input into the
   specification.  Ralph Droms and Thomas Narten have had member.  Based on this class, a major
   role in shaping the continued improvement of DHCP server
   selects the protocol by their
   careful reviews.  Many thanks appropriate address pool to assign an address to Matt Crawford, Erik Nordmark, Gerald
   Maguire, and Mike Carney for their studied review as part of the
   Last Call process.  Thanks also for the consistent input, ideas,
   client and
   review the appropriate configuration parameters.

      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |       OPTION_USER_CLASS       |           option-len          |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                          user class data                      |
     |                             . . .                             |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      option-code          TBD

      option-len           Variable; If n user classes are carried
                           by (in alphabetical order) Brian Carpenter, Francis DuPont,
   Ted Lemon, Jack McCann, Yakov Rekhter, Matt Thomas, Sue Thomson,
   Bernie Volz and Phil Wells.

   Thanks to Steve Deering and Bob Hinden, who have consistently
   taken the time to discuss option, the more complex parts length of the IPv6
   specifications.

   Bill Arbaugh reviewed the authentication mechanism described in
   section 17.

   The Domain Search option described in section 18.11 is based on
                           option-len = sum of each of the
   DHCPv4 domain search option, [1], and was reviewed user class
                           lengths + 2*n.

      option-data          The user classes carried by Bernard Aboba.

A. Comparison between DHCPv4 and DHCPv6

   This appendix is provided for readers who will find it useful to see
   a model and architecture comparison between DHCPv4 [7, 2] and DHCPv6.
   There are three key reasons for the differences:

     o IPv6 inherently supports a new model and architecture for
       communications and autoconfiguration client.

   The user class option may contain one or more instances of user class
   data.  Each instance of addresses.

     o DHCPv6 benefits from the new IPv6 features.

     o New features were added to support the expected evolution user class data is formatted as follows:

     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-...-+-+-+-+-+-+-+
     |       user class1 len         |           user1 class data    |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-...-+-+-+-+-+-+-+

   The user class length is two octets long and specifies the existence length of more complicated Internet
   the opaque user class data in network service
       requirements.

   IPv6 Architecture/Model Changes:

     o The link-local address permits a node to have an address
       immediately when byte order.

   Servers may interpret the node boots, which means all clients have a
       source IP address at all times to locate meanings of multiple class specifications
   in an on-link server implementation dependent or
       relay.

     o The need for BOOTP compatibility and the broadcast flag have been
       removed.

     o Multicast configuration dependent manner,
   and address scoping in IPv6 permit so the design use of
       discovery packets that would inherently define their range multiple classes by a DHCP client should be based
   on the
       multicast address for the function required.

     o Stateful autoconfiguration has to coexist and integrate with
       stateless autoconfiguration supporting Duplicate Address
       Detection specific server implementation and the two IPv6 lifetimes, configuration which will
   be used to facilitate process that User class option.  Servers not equipped to
   interpret the dynamic
       renumbering of addresses user class information sent by a client MUST ignore it
   (although it may be reported).

20.17. Vendor Class Option

   This option is used by clients and the management servers to exchange vendor-
   specific information.  The definition of those addresses.

     o Multiple addresses per interface are inherently supported this information is vendor
   specific.  The vendor is indicated in
       IPv6.

     o Some DHCPv4 options are unnecessary now because the configuration
       parameters are either obtained through IPv6 Neighbor Discovery or vendor class identifier
   option.  Servers not equipped to interpret the Service Location protocol [21].

   DHCPv6 Architecture/Model Changes:

     o vendor-specific
   information sent by a client MUST ignore it (although it may be
   reported).  Clients which do not receive desired vendor-specific
   information SHOULD make an attempt to operate without it, although
   they may do so(and announce they are doing so) in a degraded mode.

      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |      OPTION_VENDOR_CLASS      |           option-len          |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                          option-data                          |
     |                             . . .                             |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      option-code          TBD

      option-len           Variable

      option-data          The message type information is an opaque object of
                           option-len octets, presumably interpreted
                           by vendor-specific code on the first octet clients and
                           servers

   If a vendor potentially encodes more than one item of information
   in this option, then the vendor SHOULD encode the packet.

     o IPv6 Address allocations are now handled in a message option using
   "Encapsulated vendor-specific options".

   The Encapsulated vendor-specific options field SHOULD be encoded as
       opposed a
   sequence of code/length/value fields of identical syntax to the message header.

     o Client/Server bindings DHCP
   options field.

   When encapsulated vendor-specific extensions are now mandatory and take advantage used, each of the client's link-local address to always permit communications
       either directly from an on-link server, or from a off-link server
       through an on-link relay.

     o Servers are discovered by a client Solicit, followed by a server
       Advertise message

     o The client will know if the server
   encapsulated options is on-link or off-link.

     o formatted as follows.

      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |          opt_code             |             opt_len           |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |                          option-data                          |
     |                             . . .                             |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      opt_code             The on-link relay may locate off-link server addresses from
       system configuration or by code for the use encapsulated option

      opt_len              The length of the encapsulated option

      option-data          The data area for the encapsulated option

21. Security Considerations

   Section 19 describes a site-wide multicast
       packet.

     o ACKs threat model and NAKs an option that provides an
   authentication framework to defend against that threat model.

22. Year 2000 considerations

   Since all times are not used.

     o The server assumes relative to the client receives its responses unless it
       receives a retransmission current time of the same client request.  This
       permits recovery in the case where the network has faulted.

     o Clients can issue multiple, unrelated Request messages to transaction,
   there is no problem within the
       same DHCPv6 protocol related to any
   hardcoded dates or different servers.

     o The function two-digit representation of DHCPINFORM is inherent in the current year.

23. IANA Considerations

   This document defines several new packet design;
       a client can request configuration parameters other than IPv6
       addresses in the optional option headers.

     o Clients MUST listen name spaces associated with DHCPv6
   and DHCPv6 options.  IANA is requested to their UDP port for manage the new
       Reconfigure-init message allocation of
   values from servers.

     o New options have been defined.

   With these name spaces, which are described in the changes just enumerated, we can support new user features,
   including
     o Configuration remainder
   of Dynamic Updates this section.  These name spaces are all to DNS

     o Address deprecation, for dynamic renumbering.

     o Relays can be preconfigured with server addresses, or use of
       multicast.

     o Authentication

     o Clients can ask managed separately
   from the name spaces defined for multiple IP addresses.

     o Addresses can DHCPv4 [7, 2].

   New values in each of these name spaces should be reclaimed using approved by the Reconfigure-init message.

     o Integration between stateless and stateful address
       autoconfiguration.

     o Enabling relays to locate off-link servers.

B. Full Copyright Statement

   Copyright (C) The Internet Society (2001).  All Rights Reserved.

   This document and translations
   process of it may be copied and furnished IETF consensus [14].

23.1. Multicast addresses

   Section 7.1 defines the following multicast addresses, which have
   been assigned by IANA for use by DHCPv6:

      All_DHCP_Agents address:    FF02::1:2

      All_DHCP_Servers address:   FF05::1:3

   IANA is requested to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, manage definition of additional multicast
   addresses in whole or the future.

23.2. DHCPv6 message types

   IANA is requested to record the message types defined in part, without restriction section 7.3.
   IANA is requested to manage definition of any
   kind, provided that additional message types in
   the above copyright notice and this paragraph
   are included on all such copies and derivative works.  However,
   this document itself may not be modified future.

23.3. DUID

   IANA is requested to record the DUID types defined in section 10.1.
   IANA is requested to manage definition of additional DUID types in any way, such as by
   removing
   the copyright notice or references future.

23.4. DHCPv6 options

   IANA is requested to assign option-codes to the Internet Society
   or other Internet organizations, except as needed for options defined
   in section 20.1.  IANA is requested to manage the purpose definition of developing Internet standards
   additional DHCPv6 option-codes in which case the procedures
   for copyrights future.

23.5. Status codes

   IANA is requested to record the status codes defined in the Internet Standards process must be
   followed, or as required section 7.4.
   IANA is requested to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by manage the Internet Society or its successors or assigns.

   This document and definition of additional status codes
   in the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

C. Changes future.

23.6. Authentication option

   Section 19 defines three new name spaces associated with the
   Authentication Option (section 20.10), which are to be created and
   maintained by IANA: Protocol, Algorithm and RDM.

   Initial values assigned from the Protocol name space are 0 (for the
   configuration token Protocol in this draft

   This section describes 19.5) and 1 (for the changes between this version of delayed
   authentication Protocol in section 19.6).  Additional protocols may
   be defined in the DHCPv6
   specification and draft-ietf-dhc-dhcpv6-19.txt.

C.1. Reconfigure-init future.

   The client behavior in response Algorithm name space is specific to individual Protocols.  That
   is, each Protocol has its own Algorithm name space.  The guidelines
   for assigning Algorithm name space values for a Reconfigure-init message particular protocol
   should be specified along with the definition of a new Protocol.

   For the configuration token Protocol, the Algorithm field MUST be
   0, as described in section 15 has been changed.  When 19.5.  For the client receives
   a Reconfigure-init message, delayed authentication
   Protocol, the client goes into "Reconfigure"
   mode.  The client initiates a Request/Reply exchange in which Algorithm value 1 is assigned to the
   XID HMAC-MD5
   generating function as defined in client Request is independent of server Reconfigure-init XID.
   The server waits section 19.6.  Additional
   algorithms for the next Request message delayed authentication protocol may be defined in
   the future.

   The initial value of 0 from the client RDM name space is assigned to
   determine if the client has received
   use of a monotonically increasing value as defined in section 19.4.
   Additional replay detection methods may be defined in the Reconfigure-init.

   To avoid redundant Request/Reply messages exchanges, future.

24. Acknowledgments

   Thanks to the client
   ignores subsequent Reconfigure-init messages until it completes DHC Working Group for their time and input into the
   specification.  Ralph Droms and Thomas Narten have had a major
   role in shaping the
   Request/Reply exchange.

   Use continued improvement of multicast the protocol by their
   careful reviews.  Many thanks to Matt Crawford, Erik Nordmark, Gerald
   Maguire, and Mike Carney for Reconfigure-init message delivery has been
   removed:

    -  Multicast only saves, at most, 1/3 their studied review as part of the messages when
       reconfiguring multiple clients

    -  Multicast might cause an implosion of Request messages;
       additional complexity in
   Last Call process.  Thanks also for the client consistent input, ideas, and protocol messages would
       be required to add delay to spread out Request messages

    -  Authentication of multicast Reconfigure-init messages (where a
       single message must be authenticated
   review by multiple clients) is an
       open problem

   Text has been added clarifying that the ORO option applies (in alphabetical order) Brian Carpenter, Francis DuPont,
   Ted Lemon, Jack McCann, Yakov Rekhter, Matt Thomas, Sue Thomson,
   Bernie Volz and Phil Wells.

   Thanks to IAs as
   well as other options.  The server may choose Steve Deering and Bob Hinden, who have consistently
   taken the time to omit discuss the IA option
   from more complex parts of the ORO in IPv6
   specifications.

   Bill Arbaugh reviewed the Reconfigure-init message. authentication mechanism described in
   section 19.

   The Reconfigure-delay Domain Search option (used only by multicast
   Reconfigure-init) has been removed.

   The transaction ID feild described in section 20.12 is based on the Reconfigure-init message header
   DHCPv4 domain search option, [1], and was reviewed by Bernard Aboba.

A. Comparison between DHCPv4 and DHCPv6

   This appendix is
   now marked as "(unused) MUST be zero".

C.2. Authentication

   DHCPv4-style authentication has been added provided for readers who will find it useful to this draft in
   section 17.

C.3. Confirm message

   The following DISCUSSION was removed from see
   a model and architecture comparison between DHCPv4 [7, 2] and DHCPv6.
   There are three key reasons for the description differences:

     o IPv6 inherently supports a new model and architecture for
       communications and autoconfiguration of addresses.

     o DHCPv6 benefits from the
   Confirm message:

   DISCUSSION:

      This section used to allow servers new IPv6 features.

     o New features were added to change support the addresses
      in expected evolution and
       the existence of more complicated Internet network service
       requirements.

   IPv6 Architecture/Model Changes:

     o The link-local address permits a node to have an IA. Without some additional mechanism, servers
      responding address
       immediately when the node boots, which means all clients have a
       source IP address at all times to Confirm messages can't change safely
      change locate an on-link server or
       relay.

     o The need for BOOTP compatibility and the addresses broadcast flag have been
       removed.

     o Multicast and address scoping in IAs (although they can change IPv6 permit the lifetimes), because servers may send back different
      addresses.

C.4. Failure design of Rebind message

   In section 14.3.4,
       discovery packets that would inherently define their range by the alternatives
       multicast address for client behavior in the
   case that the client receives no response function required.

     o Stateful autoconfiguration has to a Rebind message were
   taken out of a DISCUSSION section coexist and made part of the spec.  These
   alternatives are really an implementation issue integrate with
       stateless address autoconfiguration supporting duplicate address
       detection [20] and not part of the
   DHCPv6 spec.

C.5. Server behavior in response to Release message

   The following DISCUSSION was merged into the text describing server
   behavior in response two IPv6 address lifetimes, to a Release message in section 14.4.5:

   DISCUSSION:

      What is facilitate
       the behavior dynamic renumbering of the server relative to a "partially
      released" IA; i.e., an IA for which some but not all addresses are released?

      Can a client send an empty IA to release all and the management of those
       addresses.

     o Multiple addresses per interface are inherently supported in
       IPv6.

     o Some DHCPv4 options are unnecessary now because the IA?

      If the IA becomes empty - all addresses configuration
       parameters are released - can either obtained through IPv6 Neighbor Discovery or
       the server discard any record of Service Location protocol [21].

   DHCPv6 Architecture/Model Changes:

     o The message type is the IA?

C.6. Client behavior when sending first octet in the packet.

     o IPv6 Address allocations are now handled in a Release message

   Text has been added to section 14.3.6 clarifying that a client MAY
   (but not MUST) wait for a Reply to a Release message.

C.7. IA option

   The format diagram has been corrected as
       opposed to include the prefix length message header.

     o Client/Server bindings are now mandatory and take advantage
       of the link-local address status with each address.  PROPOSAL - use left-most bit
   in address status to indicate whether an address is "temporary".

C.8. DSTM option

   Definition of DSTM option has been updated to carry multiple IPv6
   addresses as tunnel endpoints.

C.9. Server unicast option

   An option to allow clients to use unicast where possible has been
   added in section 18.10.

C.10. Domain search option

   An option to pass a domain name search list to a the client has been
   added in section 18.11.

C.11. DNS servers option

   An option to pass always permit
       communications either directly from an on-link server, or from a list of DNS options to
       off-link server through an on-link relay.

     o Servers are discovered by a client has been added in
   section 18.12.

C.12. DUID and IAID

   The "DHCP unique identifier" is defined as Solicit, followed by a typed, variable length
   value (see section 18.2).  The DUID is carried in an option. server
       Advertise message

     o The
   details of client will know if the DUID are TBD.

   The "IA identifier" server is defined as a 4 octet identifier, unique among
   all IAIDs for IAs on-link or off-link.

     o The on-link relay may locate off-link server addresses from
       system configuration or by the use of a client.

C.13. Continuing to poll with Solicit

   Text has been added to section 13.3.2 allowing a site-wide multicast
       packet.

     o ACKs and NAKs are not used.

     o The server assumes the client to continue
   to send Solicit messages at low frequency indefinitely.

C.14. Using DHCPv6 without address assignment

   Text has been added to section 14.3.1 allowing receives its responses unless it
       receives a retransmission of the same client to send a
   Solicit message containing no IAs to request other configuration
   information without address assignment (equivalent to DHCPv4
   DHCPINFORM).

C.15. Potential crossing request.  This
       permits recovery in flight of the case where the network has faulted.

     o Clients can issue multiple, unrelated Request and Reconfigure-init messages

   Text has been added to section 15 addressing the case
       same or different servers.

     o The function of DHCPINFORM is inherent in which the
   client sends a Request after a server has sent new packet design;
       a Reconfigure-init but
   before the client receives can request configuration parameters other than IPv6
       addresses in the Reconfigure-init.

D. Open Issues for Working Group Discussion

   This section contains some items optional option headers.

     o Clients MUST listen to their UDP port for discussion by the working group.

D.1. Generation and use of DUID and IAID

   Details for generation and use new
       Reconfigure-init message from servers.

     o New options have been defined.

   With the changes just enumerated, we can support new user features,
   including

     o Configuration of DUID and IA identifiers is TBD.

D.2. Dynamic Updates to DNS

     o Address registration

   Should there be a way deprecation, for a DHCP client to register stateless
   autoconfig addresses dynamic renumbering.

     o Relays can be preconfigured with the server?

D.3. Prefix advertisement

   Can a DHCP server advertise prefixes?  This function might addresses, or use of
       multicast.

     o Authentication

     o Clients can ask for multiple IP addresses.

     o Addresses can be used
   to provide managed temporary addresses - reclaimed using the server advertises a
   prefix Reconfigure-init message.

     o Integration between stateless and the client then registers selected addresses with the DHCP
   server.

D.4. DHCP-DNS interaction

   Interaction among DHCP servers, clients stateful address
       autoconfiguration.

     o Enabling relays to locate off-link servers.

B. Full Copyright Statement

   Copyright (C) The Internet Society (2001).  All Rights Reserved.

   This document and DNS servers should translations of it may be
   discussed in this document.

   What is relationship between DHCP-DNS for IPv4 (work-in-progress) copied and
   DHCP-DNS interaction requirements for IPv6?

D.5. Use of term "agent"

   The term "agent", taken furnished to mean "relay agent
   others, and derivative works that comment on or otherwise explain it
   or server", assist in its implementation may be
   confusing.  "relay agent prepared, copied, published
   and distributed, in whole or server" might be clearer.

D.6. Additional options

   Which additional options should be included in part, without restriction of any
   kind, provided that the above copyright notice and this base spec
   document?  How should we reserve space paragraph
   are included on all such copies and derivative works.  However,
   this document itself may not be modified in any way, such as by
   removing the copyright notice or references to the Internet Society
   or other Internet organizations, except as needed for "local options" (as the purpose
   of developing Internet standards in
   DHCPv4)?

D.7. Operational parameters

   Should servers have which case the procedures
   for copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on an option to set operational parameters -
   retransmission timeouts, number of retries - in clients?
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

References

    [1] B. Aboba.  DHCP Domain Search Option.  Internet Draft, Internet
        Engineering Task Force, December 2000.  Work in progress.

    [2] S. Alexander and R. Droms.  DHCP Options and BOOTP Vendor
        Extensions.  Request for Comments (Draft Standard) 2132,
        Internet Engineering Task Force,
        Extensions, March 1997.  RFC 2132.

    [3] S. Bradner.  Key words for use in RFCs to Indicate Requirement
        Levels.  Request for Comments (Best Current Practice) 2119,
        Internet Engineering Task Force,
        Levels, March 1997.  RFC 2119.

    [4] S. Bradner and A. Mankin.  The Recommendation for the IP Next
        Generation Protocol.  Request for Comments (Proposed Standard)
        1752, Internet Engineering Task Force, Protocol, January 1995.  RFC 1752.

    [5] W. J. W.J. Croft and J. Gilmore.  Bootstrap Protocol.  Request for
        Comments 951, Internet Engineering Task Force, Protocol, September 1985.
        RFC 951.

    [6] S. Deering and R. Hinden.  Internet Protocol, Version 6 (IPv6)
        Specification.  Request for Comments (Draft Standard) 2460,
        Internet Engineering Task Force,
        Specification, December 1998.  RFC 2460.

    [7] R. Droms.  Dynamic Host Configuration Protocol.  Request for
        Comments (Draft Standard) 2131, Internet Engineering Task Force, Protocol, March 1997.  RFC
        2131.

    [8] R. Droms and W. Arbaugh.  Authentication for DHCP Messages.
        Internet Draft, Internet Engineering Task Force, January 2001.
        Work in progress.

    [9] R. Hinden and S. Deering.  IP Version 6 Addressing Architecture.
        Request for Comments (Proposed Standard) 2373, Internet
        Engineering Task Force, Architecture,
        July 1998.  RFC 2373.

   [10] S. Kent and R. Atkinson.  Security Architecture for the Internet
        Protocol, November 1998.  RFC 2401.

   [11] H. Krawczyk, M. Bellare, and R. Canetti.  HMAC: Keyed-Hashing
        for Message Authentication.  Request for Comments
        (Informational) 2104, Internet Engineering Task Force, Authentication, February 1997.

   [11] J. McCann, S. Deering, and J. Mogul.  Path MTU Discovery for
        IP version 6.  Request for Comments (Proposed Standard) 1981,
        Internet Engineering Task Force, August 1996.  RFC 2104.

   [12] David L. Mills.  Network Time Protocol (Version 3)
        Specification, Implementation.  Request for Comments (Draft
        Standard) 1305, Internet Engineering Task Force, Implementation, March 1992.  RFC 1305.

   [13] P. V. P.V. Mockapetris.  Domain names - implementation and
        specification.  Request for Comments (Standard) 1035, Internet
        Engineering Task Force,
        specification, November 1987.  RFC 1035.

   [14] T. Narten and H. Alvestrand.  Guidelines for Writing an IANA
        Considerations Section in RFCs.  Request for Comments (Best
        Current Practice) 2434, Internet Engineering Task Force, RFCs, October 1998.  RFC 2434.

   [15] T. Narten and R. Draves.  Privacy Extensions for Stateless
        Address Autoconfiguration in IPv6.  Request for Comments
        (Proposed Standard) 3041, Internet Engineering Task Force, IPv6, January 2001.  RFC 3041.

   [16] T. Narten, E. Nordmark, and W. Simpson.  Neighbor Discovery for
        IP Version 6 (IPv6).  Request for Comments (Draft Standard)
        2461, Internet Engineering Task Force, (IPv6), December 1998.  RFC 2461.

   [17] D. C. D.C. Plummer.  Ethernet Address Resolution Protocol:  Or
        converting network protocol addresses to 48.bit Ethernet address
        for transmission on Ethernet hardware.  Request for Comments
        (Standard) 826, Internet Engineering Task Force, hardware, November 1982.  RFC 826.

   [18] J. Postel.  User Datagram Protocol.  Request for Comments
        (Standard) 768, Internet Engineering Task Force, Protocol, August 1980.  RFC 768.

   [19] R. Rivest.  The MD5 Message-Digest Algorithm.  Request for
        Comments (Informational) 1321, Internet Engineering Task Force, Algorithm, April 1992.  RFC
        1321.

   [20] S. Thomson and T. Narten.  IPv6 Stateless Address
        Autoconfiguration.  Request for Comments (Draft Standard) 2462,
        Internet Engineering Task Force,
        Autoconfiguration, December 1998.  RFC 2462.

   [21] J. Veizades, E. Guttman, C. Perkins, and S. Kaplan.  Service
        Location Protocol.  Request for Comments (Proposed Standard)
        2165, Internet Engineering Task Force, Protocol, June 1997.  RFC 2165.

   [22] P. Vixie, Ed., S. Thomson, Y. Rekhter, and J. Bound.  Dynamic
        Updates in the Domain Name System (DNS UPDATE).  Request for
        Comments (Proposed Standard) 2136, Internet Engineering Task
        Force, UPDATE), April 1997.  RFC
        2136.

Chair's Address

   The working group can be contacted via the current chair:

         Ralph Droms
         Cisco Systems
         300 Apollo Drive
         Chelmsford, MA 01824

         Phone:  (978) 244-4733
         E-mail:  rdroms@cisco.com

Author's Address

Authors' Addresses

   Questions about this memo can be directed to:

        Jim Bound
        Compaq Computer Corporation
        ZK3-3/W20
        110 Spit Brook Road
        Nashua, NH 03062-2698
        USA
        Phone:  +1 603 884 0062
        Email:  Jim.Bound@compaq.com

        Mike Carney
        Sun Microsystems, Inc
        Mail Stop:  UMPK17-202
        901 San Antonio Road
        Palo Alto, CA 94303-4900
        USA
        Phone:  +1-650-786-4171
        Email:  mwc@eng.sun.com

        Charles E. Perkins
        Communications Systems Lab
        Nokia Research Center
        313 Fairchild Drive
        Mountain View, California 94043
        USA
        Phone:  +1-650 625-2986
        Email:  charliep@iprg.nokia.com
        Fax:  +1 650 625-2502

        Ralph Droms
        Cisco Systems
        300 Apollo Drive
        Chelmsford, MA 01824
        USA
        Phone:  +1 978 244 4733
        Email:  rdroms@cisco.com